
Feature #5004

CertificateBundle encoding and decoding

Added by Junxiao Shi 9 months ago. Updated 3 days ago.

Status: In Progress
Priority: Normal
Assignee:
Category: Security
Target version:
Start date:
Due date:
% Done: 0%
Estimated time: 6.00 h

Description

Implement CertificateBundle low-level encoding and decoding API, as specified in #2766-30.

This issue includes these functions and types:

  • deriveCertBundleName
  • deriveCertBundlePrefixFromKeyLocator
  • encodeCertBundle
  • CertBundleDecoder

Related issues

Blocks ndn-cxx - Feature #5005: CertificateBundle publisher (New, Jeremy Clark)
Blocks ndn-cxx - Feature #5007: CertificateBundle fetcher (New, Jeremy Clark)
Blocked by ndn-cxx - Feature #4696: SegmentPublisher: segmentation utility (In Progress, Ashlesh Gawande)
#1

Updated by Junxiao Shi 9 months ago

#2

Updated by Junxiao Shi 9 months ago

  • Tags set to CertificateBundle
#3

Updated by Junxiao Shi 9 months ago

#4

Updated by Junxiao Shi 9 months ago

  • Description updated (diff)
#6

Updated by Jeremy Clark 8 months ago

  • Status changed from New to In Progress
#7

Updated by Jeremy Clark 8 months ago

For the deriveCertBundleName and deriveCertBundlePrefixFromKeyLocator functions, what should they return if the name passed to the function isn't correct?

#8

Updated by Junxiao Shi 8 months ago

> what should they return if the name passed to the function isn't correct?

If argument is wrong, throw std::invalid_argument exception.

#9

Updated by Junxiao Shi 8 months ago

  • Blocked by Feature #4696: SegmentPublisher: segmentation utility added
#10

Updated by Junxiao Shi 8 months ago

Part of this task is blocked by #4696 because encodeCertBundle relies on SegmentPublisher.
Other parts are not blocked. You can submit a Gerrit Change when unblocked parts are ready.

#12

Updated by Jeremy Clark 7 months ago

Should I ignore encodeCertBundle for now, write the skeleton of the method around the call to the SegmentPublisher, or include a simple segmentation implementation within it?

#13

Updated by Junxiao Shi 7 months ago

> Should I ignore encodeCertBundle for now, write the skeleton of the method around the call to the SegmentPublisher, or include a simple segmentation implementation within it?

You should submit a Change without encodeCertBundle and anything else that depends on SegmentPublisher.
You should also push the assignee of #4696 to complete his/her assignment, so that you can continue working on encodeCertBundle.
In either case, "simple segmentation implementation" is NOT part of this task.

#14

Updated by Jeremy Clark 4 months ago

Since the bundle decoder is a stream decoder, when a data segment is appended, should the decoder check if that segment is (or is part of) a certificate?

Does it make each bundle available as they are decoded?

#15

Updated by Junxiao Shi 4 months ago

> when a data segment is appended, should the decoder check if that segment is (or is part of) a certificate?
> Does it make each bundle available as they are decoded?

Yes. The logic would be similar to reading top-level TLV packets from a stream socket.

#16

Updated by Jeremy Clark 4 months ago

Is it possible for a data segment to contain part of two different certificates? For example, if segments are 8000 bytes each and a certificate is 9000, would the first certificate be contained in the first and second segment and the start of the second certificate also be contained in the second segment?

If this is the case, is there a class in ndn-cxx for reading TLV data directly?

#17

Updated by Junxiao Shi 4 months ago

> Is it possible for a data segment to contain part of two different certificates? For example, if segments are 8000 bytes each and a certificate is 9000, would the first certificate be contained in the first and second segment and the start of the second certificate also be contained in the second segment?

Yes, this is allowed by protocol.

> is there a class in ndn-cxx for reading TLV data directly?

SegmentFetcher and SegmentPublisher are expected to expose a streaming interface. Decoding and encoding certificates in the payload stream of a segmented object shall be similar to decoding and encoding L3 packets in a Unix socket.

#18

Updated by Ashlesh Gawande 3 months ago

> is there a class in ndn-cxx for reading TLV data directly?
>
> SegmentFetcher and SegmentPublisher are expected to expose a streaming interface. Decoding and encoding certificates in the payload stream of a segmented object shall be similar to decoding and encoding L3 packets in a Unix socket.

Could you please point to the code?

#20

Updated by Jeremy Clark 3 months ago

What is the SegmentFetcher exposing its streaming interface to? Is the purpose of the append function in the CertBundleDecoder not to accept incoming segments from the Fetcher?

#21

Updated by Junxiao Shi 3 months ago

> What is the SegmentFetcher exposing its streaming interface to? Is the purpose of the append function in the CertBundleDecoder not to accept incoming segments from the Fetcher?

CertBundleFetcher would use SegmentFetcher to retrieve the segments, and pass each received segment to CertBundleDecoder::append.

#22

Updated by Jeremy Clark 3 months ago

Ok. What do you mean by "expose a streaming interface?"

#23

Updated by Junxiao Shi 2 months ago

> Ok. What do you mean by "expose a streaming interface?"

This means the decoder can incrementally accept input, and emit successfully decoded certificates as they are received.
In a TypeScript analogy, it is a function that accepts an AsyncIterable<Uint8Array> and returns an AsyncIterable<Certificate>.
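
Added example, not ndn-cxx code and not the CertBundleDecoder this issue will produce: a self-contained C++ streaming decoder that buffers segment payloads and emits each top-level TLV element only once it is complete, which is the "stream socket" behaviour described in #15, #17 and #23, exercised on the case from #16 (a 9000-byte element crossing 8000-byte segments, with the next element starting in the second segment). The NDN-TLV VAR-NUMBER encoding is the real one; the names StreamingTlvDecoder, encodeTlv, decodeSegmented and the maxElementSize bound are assumptions for illustration. The bound is the check a practitioner would insist on: a TLV-LENGTH read from the network must be limited before the decoder starts buffering toward it, otherwise one bogus header makes it hold memory indefinitely.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iostream>
#include <stdexcept>
#include <utility>
#include <vector>

// NDN-TLV VAR-NUMBER: 1 byte if < 253; otherwise a marker byte 253/254/255
// followed by 2/4/8 big-endian bytes.
static void appendVarNumber(std::vector<uint8_t>& out, uint64_t v)
{
  if (v < 253) { out.push_back(static_cast<uint8_t>(v)); return; }
  size_t n = v <= 0xFFFFu ? 2 : v <= 0xFFFFFFFFu ? 4 : 8;
  out.push_back(n == 2 ? 253 : n == 4 ? 254 : 255);
  for (size_t i = n; i-- > 0;) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
}

// Encode one TLV element: TLV-TYPE, TLV-LENGTH, TLV-VALUE (illustrative helper).
std::vector<uint8_t> encodeTlv(uint64_t type, const std::vector<uint8_t>& value)
{
  std::vector<uint8_t> out;
  appendVarNumber(out, type);
  appendVarNumber(out, value.size());
  out.insert(out.end(), value.begin(), value.end());
  return out;
}

// Incremental decoder of top-level TLV elements from a byte stream (assumed name).
// append() may be called with arbitrary chunk boundaries; an element whose
// header or value is split across chunks is held until it is complete.
class StreamingTlvDecoder {
public:
  using Element = std::vector<uint8_t>;
  using Handler = std::function<void(const Element&)>;

  StreamingTlvDecoder(Handler onElement, size_t maxElementSize)
    : m_onElement(std::move(onElement)), m_maxElementSize(maxElementSize) {}

  void append(const uint8_t* data, size_t len)
  {
    m_buf.insert(m_buf.end(), data, data + len);
    size_t pos = 0;
    while (pos < m_buf.size()) {
      size_t off = pos;
      uint64_t type = 0, length = 0;
      if (!readVarNumber(off, type) || !readVarNumber(off, length))
        break;                                   // header not yet complete
      if (length > m_maxElementSize)             // bound the declared length before buffering toward it
        throw std::length_error("TLV-LENGTH exceeds maximum element size");
      size_t total = (off - pos) + static_cast<size_t>(length);
      if (m_buf.size() - pos < total)
        break;                                   // value not yet complete; wait for the next segment
      m_onElement(Element(m_buf.begin() + pos, m_buf.begin() + pos + total));
      pos += total;
    }
    m_buf.erase(m_buf.begin(), m_buf.begin() + pos);  // keep only the unconsumed tail
  }

  size_t pendingBytes() const { return m_buf.size(); }

private:
  bool readVarNumber(size_t& off, uint64_t& out) const
  {
    if (off >= m_buf.size()) return false;
    uint8_t first = m_buf[off];
    if (first < 253) { out = first; ++off; return true; }
    size_t n = first == 253 ? 2 : first == 254 ? 4 : 8;
    if (m_buf.size() - off < 1 + n) return false;
    uint64_t v = 0;
    for (size_t i = 0; i < n; ++i) v = (v << 8) | m_buf[off + 1 + i];
    out = v; off += 1 + n; return true;
  }

  Handler m_onElement;
  size_t m_maxElementSize;
  std::vector<uint8_t> m_buf;
};

// Concatenate elements into one payload stream, cut it into fixed-size segments
// (standing in for SegmentFetcher output), feed them in order, and return the
// sizes of the elements emitted (assumed helper name).
std::vector<size_t> decodeSegmented(const std::vector<std::vector<uint8_t>>& elements,
                                    size_t segmentSize, size_t maxElementSize)
{
  std::vector<uint8_t> stream;
  for (const auto& e : elements) stream.insert(stream.end(), e.begin(), e.end());
  std::vector<size_t> emitted;
  StreamingTlvDecoder dec([&](const std::vector<uint8_t>& e) { emitted.push_back(e.size()); },
                          maxElementSize);
  for (size_t pos = 0; pos < stream.size(); pos += segmentSize) {
    size_t n = std::min(segmentSize, stream.size() - pos);
    dec.append(stream.data() + pos, n);
  }
  return emitted;
}

int main()
{
  // Constructed sample: two Data-type (6) elements, 9000 and 102 bytes on the wire.
  std::vector<std::vector<uint8_t>> certs = {
    encodeTlv(6, std::vector<uint8_t>(8996, 0xAB)),
    encodeTlv(6, std::vector<uint8_t>(100, 0xCD)),
  };
  for (size_t len : decodeSegmented(certs, 8000, 65536))
    std::cout << "decoded element of " << len << " bytes\n";
  return 0;
}
```

The same stream fed one byte at a time must yield the same elements, since the header itself can straddle a segment boundary; with a maximum element size below 8996 the decoder rejects the first header before buffering a single value byte.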

#24

Updated by Alex Afanasyev 3 days ago

  • Tags changed from CertificateBundle to CertificateBundle, security
