static void add_to_known_names(const char *path, const unsigned char *peeled, int prio, const unsigned char *sha1) { struct commit_name *e = find_commit_name(peeled); struct tag *tag = NULL; if (replace_name(e, prio, sha1, &tag)) { if (!e) { void **pos; e = xmalloc(sizeof(struct commit_name)); hashcpy(e->peeled, peeled); pos = insert_hash(hash_sha1(peeled), e, &names); if (pos) { e->next = *pos; *pos = e; } else { e->next = NULL; } } e->tag = tag; e->prio = prio; e->name_checked = 0; hashcpy(e->sha1, sha1); e->path = path; } }
/** * Verify a signed interest * * params are as returned in upcall info structure * key is what should be used to verify * * returns: * -1 for parsing error * 0 for incorrect signature / unverified * 1 for proper verification * */ int verify_signed_interest(const unsigned char *ccnb, const struct ccn_indexbuf *comps, size_t num_comps, size_t start, size_t stop, struct ccn_pkey* key) { fprintf(stderr,"verifying signed interest...\n"); // What is info->interest_comps->n ? //fprintf(stderr, "Interest components %d\n", (int) info->interest_comps->n); unsigned char* comp; size_t size; int res; // Create a charbuf with the matched interest name incl nonce struct ccn_charbuf* name = ccn_charbuf_create(); ccn_name_init(name); res = ccn_name_append_components(name, ccnb, start, stop); // Last component, should be the signature res = ccn_name_comp_get(ccnb, comps, num_comps, (const unsigned char**)&comp, &size); if (memcmp(NS_SIGNATURE, comp, NS_SIGNATURE_LEN) != 0) { fprintf(stderr, "debug: Last component not tagged as a signature.\n"); return(-1); } // Parse our nameless, dataless content object that follows the namespace // and replace the name with the implicit name from the interest, so that // we can use the standard signature verification calls. Could be made // more efficient with different library calls. struct ccn_charbuf* co_with_name = ccn_charbuf_create(); unsigned char* co = &comp[NS_SIGNATURE_LEN]; replace_name(co_with_name, co, size-NS_SIGNATURE_LEN, name); //fprintf(stderr, "replace_name == %d (%s)\n", res, (res==0)?"ok":"fail"); // For now, use standard routines to verify signature struct ccn_parsed_ContentObject pco = {0}; fprintf(stderr,"verifying signed interest...2\n"); res = ccn_parse_ContentObject(co_with_name->buf, co_with_name->length, &pco, NULL); if (!res) { // Verify the signature against the authorized public key given to us, passed through to the handler res = ccn_verify_signature(co_with_name->buf, pco.offset[CCN_PCO_E], &pco, key ); } else { fprintf(stderr, "debug: Constructed content object parse failed (res==%d)\n", res); } fprintf(stderr,"verifying signed interest...3\n"); ccn_charbuf_destroy(&co_with_name); ccn_charbuf_destroy(&name); return (res); }
int sign_interest(struct ccn_charbuf* name_signed, struct ccn_charbuf* name, struct ccn_charbuf* signed_info, const char* digest_algorithm, struct ccn_pkey* key) { int res = 0; // Now assemble a signed Content object // Use ccn_encode_ContentObject so we can specify the key of our choice struct ccn_charbuf *tempContentObj = ccn_charbuf_create(); res = ccn_encode_ContentObject(tempContentObj, name, signed_info, NULL /* no data */, 0, digest_algorithm, key); if (res < 0) { fprintf(stderr, "Error building content object (res == %d)\n", res); return(res); } // Call replace_name to knock out the name; // it would be more efficient to assemble this with no name a modified ccn_encode_ContentObject() call // but that requires modification to the library function struct ccn_charbuf *empty_name = ccn_charbuf_create(); struct ccn_charbuf *sigContentObj = ccn_charbuf_create(); ccn_name_init(empty_name); // First prepend the namespace; (should this be done as a "name component"?) ccn_charbuf_append(sigContentObj, NS_SIGNATURE, NS_SIGNATURE_LEN); replace_name(sigContentObj, tempContentObj->buf, tempContentObj->length, empty_name); //fprintf(stderr, "replace_name == %d (%s)\n", res, (res==0)?"ok":"fail"); /* // Check that we didn't break things struct ccn_parsed_ContentObject pco = {0}; res = ccn_parse_ContentObject(&sigContentObj->buf[NS_SIGNATURE_LEN], sigContentObj->length - NS_SIGNATURE_LEN, &pco, NULL); if (res < 0) { fprintf(stderr, "Error parsing built content object (res == %d)\n", res); return(1); } */ ccn_charbuf_destroy(&empty_name); ccn_charbuf_destroy(&tempContentObj); // Build the final name for the interest <prefix>/<namespace><contentObj> ccn_charbuf_append_charbuf(name_signed, name); // Copy the name ccn_name_append(name_signed, sigContentObj->buf, sigContentObj->length); // Concatenate the new component // Dump the signature // print_hex(stderr,&(sigContentObj->buf)[NS_SIGNATURE_LEN],sigContentObj->length - NS_SIGNATURE_LEN,12); // fprintf(stderr,"\n"); // ccn_charbuf_destroy(&sigContentObj); return (res); }
static void add_to_known_names(const char *path, const unsigned char *peeled, int prio, const unsigned char *sha1) { struct commit_name *e = find_commit_name(peeled); struct tag *tag = NULL; if (replace_name(e, prio, sha1, &tag)) { if (!e) { e = xmalloc(sizeof(struct commit_name)); hashcpy(e->peeled, peeled); hashmap_entry_init(e, sha1hash(peeled)); hashmap_add(&names, e); e->path = NULL; } e->tag = tag; e->prio = prio; e->name_checked = 0; hashcpy(e->sha1, sha1); free(e->path); e->path = xstrdup(path); } }