Project

General

Profile

Bug #4583

Updated by Junxiao Shi over 6 years ago

Steps to reproduce: 

 1. Construct a Data packet with Name, MetaInfo, Content, SignatureInfo elements present. 
 2. Append a valid signature using any signing algorithm defined in v0.3. 
 3. Inject one or more unrecognized non-critical TLV elements before, between, or after SignatureValue. any of the five existing TLV elements. 
 4. Call a `verify*` function in `security/verification-helpers.hpp`. 

 Expected: The signature is found to be valid. 
 Actual: The If step3 injects after SignatureValue, the verification helper fails to parse the signature. Otherwise, the signature is found to be invalid. 

 Packet Format v0.3 defines SignatureValue to be a signature over Name+MetaInfo+Content+SignatureInfo. For example, with SignatureType=3, it is `ECDSA over SHA256{Name, MetaInfo, Content, SignatureInfo}`. Thus, signing and verification procedures should skip over other TLV elements.

Back