Change signature strategy, sign the whole content delivered with the …
…interests.
blacksheeep committed Sep 5, 2013
1 parent 5b6edcc commit a5dd8bb
Showing 2 changed files with 63 additions and 65 deletions.
109 changes: 54 additions & 55 deletions ccnl-ext-mgmt.c
Expand Up @@ -1456,10 +1456,9 @@ ccnl_mgmt_prefixreg(struct ccnl_relay_s *ccnl, struct ccnl_buf_s *orig,
return rc;
}

#ifndef CCNL_LINUXKERNEL

int sha1(void* input, unsigned long length, unsigned char* md)
{
#ifndef CCNL_LINUXKERNEL
SHA_CTX context;
if(!SHA1_Init(&context))
return 0;
Expand All @@ -1471,10 +1470,14 @@ int sha1(void* input, unsigned long length, unsigned char* md)
return 0;

return 1;
#else
return 0;
#endif
}

int verify(char* public_key_path, char *msg, int msg_len, char *sig, int sig_len)
{
#ifndef CCNL_LINUXKERNEL
//Load public key
FILE *fp = fopen(public_key_path, "r");
if(!fp) {
Expand All @@ -1493,32 +1496,29 @@ int verify(char* public_key_path, char *msg, int msg_len, char *sig, int sig_len
int verified = RSA_verify(NID_sha1, md, SHA_DIGEST_LENGTH, sig, sig_len, rsa);
RSA_free(rsa);
return verified;
}
#else
return 0;
#endif
}


int
ccnl_mgmt_addcacheobject(struct ccnl_relay_s *ccnl, struct ccnl_buf_s *orig,
struct ccnl_prefix_s *prefix, struct ccnl_face_s *from)
{
DEBUGMSG(99,"add to cache not yet implemented\n");

{
unsigned char *buf;
unsigned char *data;
int buflen, datalen;
int num, typ;

unsigned char *sigtype = 0, *sig = 0, *content = 0;
unsigned char *sigtype = 0, *sig = 0;

buf = prefix->comp[3];
buflen = prefix->complen[3];

if (dehead(&buf, &buflen, &num, &typ) < 0) goto Bail;
if (typ != CCN_TT_DTAG || num != CCN_DTAG_CONTENTOBJ) goto Bail;
if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_DTAG || num != CCN_DTAG_CONTENT) goto Bail;

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_BLOB) goto Bail;

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_DTAG || num != CCN_DTAG_SIGNATURE) goto Bail;
Expand All @@ -1533,50 +1533,54 @@ ccnl_mgmt_addcacheobject(struct ccnl_relay_s *ccnl, struct ccnl_buf_s *orig,

if (consume(typ, num, &buf, &buflen, 0, 0) < 0) goto Bail;
}

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_DTAG || num != CCN_DTAG_CONTENT) goto Bail;

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_BLOB) goto Bail;

int i;
datalen = buflen - 2;
data = buf;
#ifndef CCNL_LINUXKERNEL
datalen = buflen - 1;
data = buf;

int verified = verify("/home/blacksheeep/.ssh/publickey.pem", data, datalen, sig, 256);
if(verified){
DEBUGMSG(99, "Signature verified, add content\n");
//add object to cache here...
struct ccnl_prefix_s *prefix = 0;
struct ccnl_content_s *c = 0;
struct ccnl_buf_s *nonce=0, *ppkd=0, *pkt = 0;
unsigned char *content, *data = buf + 2;
int contlen;

pkt = ccnl_extract_prefix_nonce_ppkd(&data, &datalen, 0, 0,
0, 0, &prefix, &nonce, &ppkd, &content, &contlen);
if (!pkt) {
DEBUGMSG(6, " parsing error\n"); goto Done;
}
if (!prefix) {
DEBUGMSG(6, " no prefix error\n"); goto Done;
}
c = ccnl_content_new(ccnl, &pkt, &prefix, &ppkd,
content, contlen);
if (!c) goto Done;
ccnl_content_add2cache(ccnl, c);
c->flags |= CCNL_CONTENT_FLAGS_STATIC;
if(!verified) {
DEBUGMSG(99, "Drop add-to-cache-request, signature could not be verified\n");
goto Bail;
}

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;

DEBUGMSG(99, "Signature verified, add content\n");
//add object to cache here...
struct ccnl_prefix_s *prefix_a = 0;
struct ccnl_content_s *c = 0;
struct ccnl_buf_s *nonce=0, *ppkd=0, *pkt = 0;
unsigned char *content;
data = buf + 2;
int contlen;

pkt = ccnl_extract_prefix_nonce_ppkd(&data, &datalen, 0, 0,
0, 0, &prefix_a, &nonce, &ppkd, &content, &contlen);
if (!pkt) {
DEBUGMSG(6, " parsing error\n"); goto Done;
}
if (!prefix_a) {
DEBUGMSG(6, " no prefix error\n"); goto Done;
}
c = ccnl_content_new(ccnl, &pkt, &prefix_a, &ppkd,
content, contlen);
if (!c) goto Done;
ccnl_content_add2cache(ccnl, c);
c->flags |= CCNL_CONTENT_FLAGS_STATIC;

Done:
free_prefix(prefix);
free_prefix(prefix_a);
ccnl_free(pkt);
ccnl_free(nonce);
ccnl_free(ppkd);


}else{
DEBUGMSG(99, "Drop add-to-cache-request, signature could not be verified\n");
}
#endif


return 0;
Bail:
DEBUGMSG(99, "Error\n");
Expand All @@ -1588,9 +1592,6 @@ int
ccnl_mgmt_removecacheobject(struct ccnl_relay_s *ccnl, struct ccnl_buf_s *orig,
struct ccnl_prefix_s *prefix, struct ccnl_face_s *from)
{
DEBUGMSG(99, "Remove not yet implemented\n");


unsigned char *buf;
unsigned char *data;
unsigned char **components = 0;
Expand Down Expand Up @@ -1628,19 +1629,17 @@ ccnl_mgmt_removecacheobject(struct ccnl_relay_s *ccnl, struct ccnl_buf_s *orig,

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_BLOB) goto Bail;



datalen = buflen - 2;
data = buf;
#ifndef CCNL_LINUXKERNEL
int verified = verify("/home/blacksheeep/.ssh/publickey.pem", data, datalen, sig, 256);
if(verified){
DEBUGMSG(99, "Signature verified, remove content\n");
}else{
DEBUGMSG(99, "Signature not verified");
goto Bail;
}
#endif

if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;
if (typ != CCN_TT_DTAG || num != CCN_DTAG_NAME) goto Bail;
Expand Down Expand Up @@ -1672,11 +1671,11 @@ ccnl_mgmt_removecacheobject(struct ccnl_relay_s *ccnl, struct ccnl_buf_s *orig,
}
}
if(i == num_of_components){
DEBUGMSG(99, "Content Found\n");
DEBUGMSG(99, "Content found\n");
ccnl_content_remove(ccnl, c2);
}else
{
DEBUGMSG(99, "Ignore Request since content not found\n");
DEBUGMSG(99, "Ignore request since content not found\n");
}

return 0;
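Review bot: The hard-coded `256` passed as `sig_len` in `verify("/home/blacksheeep/.ssh/publickey.pem", data, datalen, sig, 256)` ignores the length of the SIGNATURE blob that was actually parsed from the request (that parsing sits in the collapsed region above), so a request whose signature blob is shorter than 256 bytes lets RSA_verify read past the packet buffer; the same call is made in ccnl_mgmt_removecacheobject. Pass the blob length recorded when the SIGNATURE element was parsed and reject the request when it does not equal the key size, e.g. `if (PARSED_SIG_LEN != 256) goto Bail;` before the call, with PARSED_SIG_LEN standing for that variable. The public-key path is a developer's home directory baked into the relay and should come from relay configuration (a field on `ccnl` or a build-time constant) rather than a literal. The two `if (dehead(&buf, &buflen, &num, &typ) != 0) goto Bail;` calls after the verification no longer check `typ`/`num` against `CCN_DTAG_CONTENT` and `CCN_TT_BLOB` as the replaced code appears to have done, so `data = buf + 2` now assumes a layout that is not validated. ccnl_mgmt_addcacheobject and ccnl_mgmt_removecacheobject both continue outside the visible hunks.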
19 changes: 9 additions & 10 deletions util/ccn-lite-put.c
Expand Up @@ -367,8 +367,13 @@ addToRelayCache(char *file_uri, char * socket_path, char *private_key_path)
len += mkStrBlob(out+len, CCN_DTAG_COMPONENT, CCN_TT_DTAG, "");
len += mkStrBlob(out+len, CCN_DTAG_COMPONENT, CCN_TT_DTAG, "addcacheobject");

//add signature to interest...
siglen = add_signature(stmt + len3, private_key_path, ccnb_file, fsize);
//add content to interest...
len3 += mkHeader(stmt+len3, CCN_DTAG_CONTENT, CCN_TT_DTAG);
len3 += addBlob(stmt+len3, ccnb_file, fsize);
stmt[len3++] = 0; // end content

len2 += mkHeader(contentobj+len2, CCN_DTAG_CONTENTOBJ, CCN_TT_DTAG); // contentobj
siglen = add_signature(contentobj+len2, private_key_path, stmt, len3);
if(!siglen)
{
printf("Could sign message\n");
Expand All @@ -378,14 +383,7 @@ addToRelayCache(char *file_uri, char * socket_path, char *private_key_path)
free(stmt);
return 0;
}
len3 += siglen;

//add content to interest...
len3 += mkHeader(stmt+len3, CCN_DTAG_CONTENT, CCN_TT_DTAG);
len3 += addBlob(stmt+len3, ccnb_file, fsize);
stmt[len3++] = 0; // end content

len2 += mkHeader(contentobj+len2, CCN_DTAG_CONTENTOBJ, CCN_TT_DTAG); // contentobj
len2 += siglen;
len2 += mkBlob(contentobj+len2, CCN_DTAG_CONTENT, CCN_TT_DTAG, // content
(char*) stmt, len3);

Expand Down Expand Up @@ -424,6 +422,7 @@ removeFormRelayCache(char *ccn_path, char * socket_path, char *private_key_path)

len += mkStrBlob(out+len, CCN_DTAG_COMPONENT, CCN_TT_DTAG, "ccnx");
len += mkStrBlob(out+len, CCN_DTAG_COMPONENT, CCN_TT_DTAG, "");
//signatur nach hier, über den rest
len += mkStrBlob(out+len, CCN_DTAG_COMPONENT, CCN_TT_DTAG, "removecacheobject");

// prepare debug statement
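Review bot: `len3 += addBlob(stmt+len3, ccnb_file, fsize);` copies the whole input file into `stmt` and `add_signature(contentobj+len2, private_key_path, stmt, len3)` writes the signature into `contentobj`, but neither call is told how much room remains in its destination; the allocations of `stmt` and `contentobj` are outside the hunk, so if they are fixed-size, `fsize` needs to be checked against them before this point (cannot confirm from here). `if(!siglen)` is the only check on the signing result, and the message it prints, `Could sign message`, says the opposite of what happened; `Could not sign message` is meant. The German comment `//signatur nach hier, über den rest` added to removeFormRelayCache is a reminder rather than documentation; suggest `// TODO: add the signature here, covering the rest of the message`. Both addToRelayCache and removeFormRelayCache extend beyond the visible hunks.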
