pollere / dct
Defined-trust Communications Toolkit for secure multicast transport
License: Other
Following the environment setup in #3, when running the operator from a setup similar to MBPS app2, we have the following log:
operator:alice-38782 msg #7 published to Collection.
operator:alice-38782 msg #8 published to Collection.
operator:alice-38782 msg #9 published to Collection.
Application entity operator:alice-38782 received message:
capability = lock
topic = event
location = frontdoor
arguments = locked
message creation time = 1626927042172072 (3.16138mS)
message body: Message number 4 from device:frontdoor-38780
operator:alice-38782 msg #10 timed out without reaching Collection.
operator:alice-38782 msg #11 published to Collection.
Application entity operator:alice-38782 received message:
capability = lock
topic = event
location = frontdoor
arguments = battery_low
message creation time = 1626927044187709 (3.41476mS)
message body: Message number 6 from device:frontdoor-38780
Here, message 10 failed to reach the Collection. However, the other peer seems to have received the message.
Would you mind looking into this error message?
Thanks.
In SignatureType assigned numbers, Null signature was assigned the number 200 (decimal) on 2020-06-19.
DCT should use the officially assigned SignatureType number for Null signature.
DCT/include/dct/sigmgrs/sigmgr.hpp
Lines 68 to 73 in ef498fd
dnmp.trust is using the replace() function that is unimplemented in the current version of the schema compiler.
Consequently, it is not compiling properly.
Please update the schema so that it does not use the replace() function.
$ ./schemaCompile -vv doc/dnmp.trust
VerSec Schema Compiler Copyright (C) 2020 Pollere Inc., v5.1.0-1-gab45368
doc/dnmp.trust:32.17-24: syntax error, unexpected string, expecting ')'
doc/dnmp.trust:32.35-41: syntax error, unexpected literal, expecting eof or string
Publication #command:
parameters: target pType pArgs
tags: /_network/_domain/target/_topic/_roleId/pType/pArgs/_origin/_cTS
Publication #wirePrefix:
parameters: target
tags: /_ndnprefix/_domain/target
Certificate templates:
cert userCert: /"AliceNetOps"/"dnmp"/"user"/_roleId/"KEY"/_/_/_
cert opCert: /"AliceNetOps"/"dnmp"/"operator"/_roleId/"KEY"/_/_/_
cert dnmpCert: /"AliceNetOps"/"dnmp"/"KEY"/_/_/_
cert netCert: /"AliceNetOps"/"KEY"/_/_/_
binary schema is 354 bytes
Source code of schemaCompile is missing.
Please upload source code to comply with GPL requirements.
The SigMgrRFC7693::validate and SigMgrSHA256::validate functions verify a BLAKE2b or SHA256 signature.
Each function first creates a correct BLAKE2b or SHA256 signature over the input, then compares the incoming signature with that correct signature.
The comparison step is coded as:
DCT/include/dct/sigmgrs/sigmgr_rfc7693.hpp
Lines 85 to 91 in cdf4c89
DCT/include/dct/sigmgrs/sigmgr_sha256.hpp
Line 85 in cdf4c89
The std::memcmp function returns as soon as it finds the first differing element.
As a result, these functions are vulnerable to timing attacks because the execution time of these functions leaks which byte is the first to differ from the correct signature.
To fix this bug, use a constant-time comparison function such as sodium_memcmp.
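The difference the report above describes, as an added example that is not DCT code and not part of the original issue. All names (`Tag`, `earlyExitBytesExamined`, `ctEqual`, the sample data) are hypothetical; the early-exit function counts bytes examined so the data-dependent work is visible without timing measurements.

```cpp
// Added illustration, not DCT code: all names here are hypothetical.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

using Tag = std::array<uint8_t, 32>;  // e.g. a 32-byte SHA256 or BLAKE2b output

// Same stopping rule as std::memcmp: quit at the first differing byte.
// Returns the number of bytes examined, which depends on the input.
std::size_t earlyExitBytesExamined(const Tag& a, const Tag& b) {
    for (std::size_t i = 0; i < a.size(); ++i)
        if (a[i] != b[i]) return i + 1;
    return a.size();
}

// Constant-time equality: every byte is read and XOR-folded into one
// accumulator; no branch or loop bound depends on the contents.
// 'volatile' discourages the compiler from reintroducing an early exit.
bool ctEqual(const Tag& a, const Tag& b) {
    volatile uint8_t diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i)
        diff = static_cast<uint8_t>(diff | (a[i] ^ b[i]));
    return diff == 0;
}

// Constructed sample data: a fixed tag and a copy with one byte flipped.
Tag sampleTag() {
    Tag t{};
    for (std::size_t i = 0; i < t.size(); ++i)
        t[i] = static_cast<uint8_t>(0xA0 + i);
    return t;
}
Tag withFlippedByte(Tag t, std::size_t pos) { t[pos] ^= 0x01; return t; }

int main() {
    const Tag good = sampleTag();
    const std::size_t positions[] = {0, 15, 31};
    for (std::size_t pos : positions) {
        const Tag bad = withFlippedByte(good, pos);
        std::printf("mismatch at %2zu: early-exit examined %2zu bytes, ctEqual=%d\n",
                    pos, earlyExitBytesExamined(good, bad), ctEqual(good, bad));
    }
    return 0;
}
```

In production code, prefer a maintained primitive such as `sodium_memcmp` (libsodium) or `CRYPTO_memcmp` (OpenSSL) over a hand-written loop, since those are written to survive compiler optimization.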
Starting the sample applications, e.g., app2, frequently causes prefix registration errors. To reproduce the identical environment, spin up a VM using the following Vagrantfile:
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  config.vm.define "dct-dev-1"
  config.vm.box = "bento/ubuntu-20.04"
  config.vm.hostname = "dct"
  config.vm.provider "virtualbox" do |vb|
    vb.name = "dct-dev-1"
    vb.cpus = "4"
    vb.memory = "8000"
  end
  config.vm.provision "shell", privileged: false, inline: <<-SHELL
    sudo apt-get update
    sudo apt-get -y install gcc-10 g++-10 build-essential \
      pkg-config python3-minimal libboost-all-dev \
      libssl-dev libsqlite3-dev libpcap-dev \
      libsodium-dev libz-dev \
      liblog4cxx-dev
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100
    sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 100
    sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-10 100
    git clone https://github.com/pollere/NDNpatches
    git clone https://github.com/named-data/ndn-cxx
    cd ndn-cxx
    git apply ../NDNpatches/patch.key-impl
    ./waf configure
    ./waf
    sudo ./waf install
    sudo ldconfig
    cd ..
    git clone https://github.com/named-data/NFD
    cd NFD
    git submodule update --init
    ./waf configure
    ./waf
    sudo ./waf install
    sudo cp /usr/local/etc/ndn/nfd.conf.sample /usr/local/etc/ndn/nfd.conf
    cd ..
    git clone https://github.com/operantnetworks/ndn-ind
    cd ndn-ind
    git apply ../NDNpatches/patch.ndn-ind
    ./configure
    make -j
    sudo make install
    sudo ldconfig
    cd ..
    git clone https://github.com/pollere/DCT
    cd DCT/
    cd tools/
    make -j
    cd ../examples/mbps
    make -j
    wget https://github.com/pollere/DCT/releases/download/v3.0/linux-schemaCompile-bin-1.2.0.tgz
    tar -xzvf linux-schemaCompile-bin-1.2.0.tgz
    rm linux-schemaCompile-bin-1.2.0.tgz
    ./schemaCompile -o mbps1.scm mbps1.trust
    ../../tools/make_cert -s EdDSA -o mbps1.root myNet/mbps1
    ../../tools/schema_cert -o mbps1.schema mbps1.scm mbps1.root
    ../../tools/make_cert -s EdDSA -o alice.cert myNet/mbps1/operator/alice mbps1.root
    ../../tools/make_cert -s EdDSA -o bob.cert myNet/mbps1/operator/bob mbps1.root
    ../../tools/make_cert -s EdDSA -o cathy.cert myNet/mbps1/operator/cathy mbps1.root
    ../../tools/make_bundle -o alice.bundle mbps1.root mbps1.schema +alice.cert
    ../../tools/make_bundle -o bob.bundle mbps1.root mbps1.schema +bob.cert
    ../../tools/make_bundle -o cathy.bundle mbps1.root mbps1.schema +cathy.cert
    cd ../../..
    ndnsec key-gen /ndn/alice
  SHELL
end
The Vagrantfile already creates three identities for the operators "Alice", "Bob", and "Cathy" in the folder DCT/examples/mbps/.
After starting NFD, repeatedly starting app2 causes the following error:
./app2 alice.bundle
22:50.000232 ERROR /localnet/mbps1/cert onRegisterFailed /localnet/mbps1/cert
22:50.000232 ERROR ndn.Node Node::RegisterResponse::operator(): Error in onRegisterFailed: onRegisterFailed /localnet/mbps1/cert
I don't understand the difference between a "regular" identifier (foo) and an identifier prefixed by the # sign (#foo). Could this be explained in the language description document?