Feature #5008
closed
Provide an option to use dummy keychain as used in ndnSIM
0%
Description
ndnSIM uses a dummy in-memory keychain to reduce CPU computations (by using fixed pre-computed signature) and reduce file IO (by not interacting with filesystem, .ndn/*). Please correct if some wrong assumption here.
Mini-NDN would also like to take advantage of this to start much faster and scale much better when users don't require security.
Straight forward option for Mini-NDN is to ship those patches from ndnSIM and ask users to apply. But since ndnSIM also needs them, would it better to move the dummy-keychain.* to ndn-cxx so that ndnSIM does not have to maintain it (I think there is some maintenance coming as doVerify is added to KeyHandle)? Mini-NDN users can then compile ndn-cxx with some option like:
./waf configure --dummy-keychain
diff --git a/ndn-cxx/security/v2/key-chain.cpp b/ndn-cxx/security/v2/key-chain.cpp
index 8043635..e9ba3f4 100644
--- a/ndn-cxx/security/v2/key-chain.cpp
+++ b/ndn-cxx/security/v2/key-chain.cpp
@@ -25,6 +25,9 @@
#include "ndn-cxx/util/config-file.hpp"
#include "ndn-cxx/util/logger.hpp"
#include "ndn-cxx/util/sha256.hpp"
+#ifdef NDN_CXX_DUMMY_KEYCHAIN
+#include "ndn-cxx/util/dummy-keychain.hpp"
+#endif // NDN_CXX_DUMMY_KEYCHAIN
#include "ndn-cxx/security/pib/pib-memory.hpp"
#include "ndn-cxx/security/pib/pib-sqlite3.hpp"
@@ -163,7 +166,11 @@ KeyChain::getDefaultKeyParams()
//
KeyChain::KeyChain()
+#ifdef NDN_CXX_DUMMY_KEYCHAIN
+ : KeyChain("pib-dummy", "tpm-dummy", true)
+#else
: KeyChain(getDefaultPibLocator(), getDefaultTpmLocator(), true)
+#endif // NDN_CXX_DUMMY_KEYCHAIN
{
}
Or maybe have the user set an environment variable to switch between dummy and real key-chain. Then user don't have to compile again when switching. (But I did have to recompile NFD when I changed KeyChain(getDefaultPibLocator(), getDefaultTpmLocator(), true) to KeyChain("pib-dummy", "tpm-dummy", true) so as to get rid of a "invalid pointer" error so maybe this will not work and having compile time option is better).
Updated by Ashlesh Gawande over 4 years ago
- Subject changed from Provide an option to use dummy keychain by default as used in ndnSIM to Provide an option to use dummy keychain as used in ndnSIM
Updated by Ashlesh Gawande over 4 years ago
- Status changed from New to Closed
Will look a bit into using digest signature - whether it is possible to have ndn-cxx do digest signature for all.
This may still have a bit overhead. Short term solution is simply to ship the dummy keychain w/ Mini-NDN as ndn-cxx should not have dummy stuff.
Updated by Davide Pesavento over 4 years ago
Ashlesh Gawande wrote:
ndn-cxx should not have dummy stuff.
I missed the first part of the call today, why is that? what's the rationale?
Updated by Ashlesh Gawande over 4 years ago
Davide Pesavento wrote:
Ashlesh Gawande wrote:
ndn-cxx should not have dummy stuff.
I missed the first part of the call today, why is that? what's the rationale?
I think because it is never meant to be used in production so better to keep it out altogether, Alex can confirm.
Updated by Davide Pesavento over 4 years ago
Ashlesh Gawande wrote:
Davide Pesavento wrote:
Ashlesh Gawande wrote:
ndn-cxx should not have dummy stuff.
I missed the first part of the call today, why is that? what's the rationale?
I think because it is never meant to be used in production so better to keep it out altogether, Alex can confirm.
Bah... we have a few other things in ndn-cxx and NFD just for testing that are not meant for production... so I don't really buy this argument. But if you're ok with that, I won't complain :)
Updated by Davide Pesavento over 4 years ago
- Category changed from Utils to Security
- Status changed from Closed to Abandoned
- Target version deleted (
v0.7)