Project

General

Profile

Bug #4085

ndnsec list: wrong default identity and default key

Added by Zhiyi Zhang about 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
3.00 h

Description

Steps to reproduce:

  1. rm -rf ~/.ndn
  2. ndnsec key-gen /id1
  3. ndnsec key-gen /id1
  4. ndnsec key-gen /id2
  5. ndnsec list -c

Expected: one of two identities is indicated as default; one of two keys under /id1 is indicated as default
Actual: neither identity is indicated as default; both keys are indicated as default


Related issues

Blocks NFD - Task #4275: Release 0.6.0ClosedAlex Afanasyev

Actions
#1

Updated by Junxiao Shi about 3 years ago

  • Project changed from NFD to ndn-cxx
  • Category set to Security
  • Target version set to v0.6
#2

Updated by Zhiyi Zhang about 3 years ago

  • Subject changed from Bugs in ndnsec command line tools of keychain version 2 to Bugs in keychain v2: cannot show default identity/key and have same output when dumping different certs
#3

Updated by Junxiao Shi about 3 years ago

The error is not caused by command line tools but caused by ndn-cxx KeyChain v2

How do you know that? Is there a minimal code snippet that calls KeyChain and reproduces the issue?

Is the problem specific to one PIB backend (SQLite3 or in-memory), or occurs with both?

#4

Updated by Junxiao Shi almost 3 years ago

#5

Updated by Junxiao Shi almost 3 years ago

  • Subject changed from Bugs in keychain v2: cannot show default identity/key and have same output when dumping different certs to ndnsec list: wrong default identity and default key
  • Description updated (diff)
  • Start date deleted (05/23/2017)
  • Estimated time set to 3.00 h

This issue previously contained a bug in ndnsec cert-dump that has been split to #4323.

There are two causes of this bug.
First, ndnsec list is missing an assignment to defaultIdentity variable, so that none of the identities would be indicated as default.

Second, ndnsec list uses == operator to compare an identity or key to the default, but Identity and Key types lack custom operator== operators. Coincidentally, both types are implicitly convertible to bool to indicate whether the instance is valid, which causes all keys to be indicated as default. This issue does not affect default certificate because Certificate's base class Data has a proper operator==.

#6

Updated by Junxiao Shi almost 3 years ago

  • Status changed from New to In Progress
  • Assignee set to Junxiao Shi
#7

Updated by Junxiao Shi almost 3 years ago

  • Status changed from In Progress to Code review
  • % Done changed from 0 to 100
#9

Updated by Davide Pesavento almost 3 years ago

  • Status changed from Code review to Closed

Also available in: Atom PDF