static void add_to_known_names(const char *path,
const unsigned char *peeled,
int prio,
const unsigned char *sha1)
{
struct commit_name *e = find_commit_name(peeled);
struct tag *tag = NULL;
if (replace_name(e, prio, sha1, &tag)) {
if (!e) {
void **pos;
e = xmalloc(sizeof(struct commit_name));
hashcpy(e->peeled, peeled);
pos = insert_hash(hash_sha1(peeled), e, &names);
if (pos) {
e->next = *pos;
*pos = e;
} else {
e->next = NULL;
}
}
e->tag = tag;
e->prio = prio;
e->name_checked = 0;
hashcpy(e->sha1, sha1);
e->path = path;
}
}
/**
* Verify a signed interest
*
* params are as returned in upcall info structure
* key is what should be used to verify
*
* returns:
* -1 for parsing error
* 0 for incorrect signature / unverified
* 1 for proper verification
*
*/
int verify_signed_interest(const unsigned char *ccnb, const struct ccn_indexbuf *comps,
size_t num_comps, size_t start, size_t stop,
struct ccn_pkey* key) {
fprintf(stderr,"verifying signed interest...\n");
// What is info->interest_comps->n ?
//fprintf(stderr, "Interest components %d\n", (int) info->interest_comps->n);
unsigned char* comp;
size_t size;
int res;
// Create a charbuf with the matched interest name incl nonce
struct ccn_charbuf* name = ccn_charbuf_create();
ccn_name_init(name);
res = ccn_name_append_components(name, ccnb, start, stop);
// Last component, should be the signature
res = ccn_name_comp_get(ccnb, comps,
num_comps,
(const unsigned char**)&comp, &size);
if (memcmp(NS_SIGNATURE, comp, NS_SIGNATURE_LEN) != 0) {
fprintf(stderr, "debug: Last component not tagged as a signature.\n");
return(-1);
}
// Parse our nameless, dataless content object that follows the namespace
// and replace the name with the implicit name from the interest, so that
// we can use the standard signature verification calls. Could be made
// more efficient with different library calls.
struct ccn_charbuf* co_with_name = ccn_charbuf_create();
unsigned char* co = &comp[NS_SIGNATURE_LEN];
replace_name(co_with_name, co, size-NS_SIGNATURE_LEN, name);
//fprintf(stderr, "replace_name == %d (%s)\n", res, (res==0)?"ok":"fail");
// For now, use standard routines to verify signature
struct ccn_parsed_ContentObject pco = {0};
fprintf(stderr,"verifying signed interest...2\n");
res = ccn_parse_ContentObject(co_with_name->buf, co_with_name->length, &pco, NULL);
if (!res) {
// Verify the signature against the authorized public key given to us, passed through to the handler
res = ccn_verify_signature(co_with_name->buf, pco.offset[CCN_PCO_E], &pco, key );
} else {
fprintf(stderr, "debug: Constructed content object parse failed (res==%d)\n", res);
}
fprintf(stderr,"verifying signed interest...3\n");
ccn_charbuf_destroy(&co_with_name);
ccn_charbuf_destroy(&name);
return (res);
}
int sign_interest(struct ccn_charbuf* name_signed, struct ccn_charbuf* name,
struct ccn_charbuf* signed_info, const char* digest_algorithm, struct ccn_pkey* key) {
int res = 0;
// Now assemble a signed Content object
// Use ccn_encode_ContentObject so we can specify the key of our choice
struct ccn_charbuf *tempContentObj = ccn_charbuf_create();
res = ccn_encode_ContentObject(tempContentObj, name, signed_info, NULL /* no data */, 0,
digest_algorithm, key);
if (res < 0) {
fprintf(stderr, "Error building content object (res == %d)\n", res);
return(res);
}
// Call replace_name to knock out the name;
// it would be more efficient to assemble this with no name a modified ccn_encode_ContentObject() call
// but that requires modification to the library function
struct ccn_charbuf *empty_name = ccn_charbuf_create();
struct ccn_charbuf *sigContentObj = ccn_charbuf_create();
ccn_name_init(empty_name);
// First prepend the namespace; (should this be done as a "name component"?)
ccn_charbuf_append(sigContentObj, NS_SIGNATURE, NS_SIGNATURE_LEN);
replace_name(sigContentObj, tempContentObj->buf, tempContentObj->length, empty_name);
//fprintf(stderr, "replace_name == %d (%s)\n", res, (res==0)?"ok":"fail");
/*
// Check that we didn't break things
struct ccn_parsed_ContentObject pco = {0};
res = ccn_parse_ContentObject(&sigContentObj->buf[NS_SIGNATURE_LEN], sigContentObj->length - NS_SIGNATURE_LEN, &pco, NULL);
if (res < 0) {
fprintf(stderr, "Error parsing built content object (res == %d)\n", res);
return(1);
}
*/
ccn_charbuf_destroy(&empty_name);
ccn_charbuf_destroy(&tempContentObj);
// Build the final name for the interest <prefix>/<namespace><contentObj>
ccn_charbuf_append_charbuf(name_signed, name); // Copy the name
ccn_name_append(name_signed, sigContentObj->buf, sigContentObj->length); // Concatenate the new component
// Dump the signature
// print_hex(stderr,&(sigContentObj->buf)[NS_SIGNATURE_LEN],sigContentObj->length - NS_SIGNATURE_LEN,12);
// fprintf(stderr,"\n");
//
ccn_charbuf_destroy(&sigContentObj);
return (res);
}
static void add_to_known_names(const char *path,
const unsigned char *peeled,
int prio,
const unsigned char *sha1)
{
struct commit_name *e = find_commit_name(peeled);
struct tag *tag = NULL;
if (replace_name(e, prio, sha1, &tag)) {
if (!e) {
e = xmalloc(sizeof(struct commit_name));
hashcpy(e->peeled, peeled);
hashmap_entry_init(e, sha1hash(peeled));
hashmap_add(&names, e);
e->path = NULL;
}
e->tag = tag;
e->prio = prio;
e->name_checked = 0;
hashcpy(e->sha1, sha1);
free(e->path);
e->path = xstrdup(path);
}
}
