Merge branch 'feature-verification'
diff --git a/ccnx/ccnx-cert.cpp b/ccnx/ccnx-cert.cpp
new file mode 100644
index 0000000..fc83c66
--- /dev/null
+++ b/ccnx/ccnx-cert.cpp
@@ -0,0 +1,127 @@
+/* -*- Mode: C++; c-file-style: "gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013 University of California, Los Angeles
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation;
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Zhenkai Zhu <zhenkai@cs.ucla.edu>
+ * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+#include "ccnx-cert.h"
+#include <tinyxml.h>
+#include <boost/lexical_cast.hpp>
+#include "logging.h"
+
+INIT_LOGGER ("Ccnx.Cert");
+
+using namespace std;
+
+namespace Ccnx {
+
+Cert::Cert()
+ : m_pkey(0)
+ , m_meta("", "", 0, 0)
+{
+}
+
+Cert::Cert(const PcoPtr &keyObject, const PcoPtr &metaObject = PcoPtr())
+ : m_pkey(0)
+ , m_meta("", "", 0, 0)
+{
+ m_name = keyObject->name();
+ m_rawKeyBytes = keyObject->content();
+ m_keyHash = *(Hash::FromBytes(m_rawKeyBytes));
+ m_pkey = ccn_d2i_pubkey(head(m_rawKeyBytes), m_rawKeyBytes.size());
+ updateMeta(metaObject);
+}
+
+Cert::~Cert()
+{
+ if (m_pkey != 0)
+ {
+ ccn_pubkey_free(m_pkey);
+ m_pkey = 0;
+ }
+}
+
+void
+Cert::updateMeta(const PcoPtr &metaObject)
+{
+ if (metaObject)
+ {
+ TiXmlDocument doc;
+ Bytes xml = metaObject->content();
+ // just make sure it's null terminated as it's required by TiXmlDocument::parse
+ xml.push_back('\0');
+ doc.Parse((const char *)(head(xml)));
+ if (!doc.Error())
+ {
+ TiXmlElement *root = doc.RootElement();
+ for (TiXmlElement *child = root->FirstChildElement(); child; child = child->NextSiblingElement())
+ {
+ string elemName = child->Value();
+ string text = child->GetText();
+ if (elemName == "Name")
+ {
+ m_meta.realworldID = text;
+ }
+ else if (elemName == "Affiliation")
+ {
+ m_meta.affiliation = text;
+ }
+ else if (elemName == "Valid_to")
+ {
+ m_meta.validTo = boost::lexical_cast<time_t>(text);
+ }
+ else if (elemName == "Valid_from")
+ {
+ // this is not included in the key meta yet
+ // but it should eventually be there
+ }
+ else
+ {
+ // ignore known stuff
+ }
+ }
+ }
+ else
+ {
+ _LOG_ERROR("Cannot parse meta info:" << std::string((const char *)head(xml), xml.size()));
+ }
+ }
+}
+
+Cert::VALIDITY
+Cert::validity()
+{
+ if (m_meta.validFrom == 0 && m_meta.validTo == 0)
+ {
+ return OTHER;
+ }
+
+ time_t now = time(NULL);
+ if (now < m_meta.validFrom)
+ {
+ return NOT_YET_VALID;
+ }
+
+ if (now >= m_meta.validTo)
+ {
+ return EXPIRED;
+ }
+
+ return WITHIN_VALID_TIME_SPAN;
+}
+
+} // Ccnx
diff --git a/ccnx/ccnx-cert.h b/ccnx/ccnx-cert.h
new file mode 100644
index 0000000..d2399e6
--- /dev/null
+++ b/ccnx/ccnx-cert.h
@@ -0,0 +1,99 @@
+/* -*- Mode: C++; c-file-style: "gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013 University of California, Los Angeles
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation;
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Zhenkai Zhu <zhenkai@cs.ucla.edu>
+ * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef CCNX_CERT_H
+#define CCNX_CERT_H
+
+#include "ccnx-common.h"
+#include "ccnx-name.h"
+#include "ccnx-pco.h"
+#include "hash-helper.h"
+#include <boost/shared_ptr.hpp>
+
+namespace Ccnx {
+
+class Cert
+{
+public:
+ enum VALIDITY
+ {
+ NOT_YET_VALID,
+ WITHIN_VALID_TIME_SPAN,
+ EXPIRED,
+ OTHER
+ };
+
+ Cert();
+ Cert(const PcoPtr &keyObject, const PcoPtr &metaObject);
+ ~Cert();
+
+ void
+ updateMeta(const PcoPtr &metaObject);
+
+ Name
+ name() { return m_name; }
+
+ Bytes
+ rawKeyBytes() { return m_rawKeyBytes; }
+
+ Hash
+ keyDigest() { return m_keyHash; }
+
+ std::string
+ realworldID() { return m_meta.realworldID; }
+
+ std::string
+ affilication() { return m_meta.affiliation; }
+
+ ccn_pkey *
+ pkey() { return m_pkey; }
+
+ VALIDITY
+ validity();
+
+private:
+ struct Meta
+ {
+ Meta(std::string id, std::string affi, time_t from, time_t to)
+ : realworldID(id)
+ , affiliation(affi)
+ , validFrom(from)
+ , validTo(to)
+ {
+ }
+ std::string realworldID;
+ std::string affiliation;
+ time_t validFrom;
+ time_t validTo;
+ };
+
+ Name m_name;
+ Hash m_keyHash; // publisherPublicKeyHash
+ Bytes m_rawKeyBytes;
+ ccn_pkey *m_pkey;
+ Meta m_meta;
+};
+
+typedef boost::shared_ptr<Cert> CertPtr;
+
+}
+
+#endif // CCNX_CERT_H
diff --git a/ccnx/ccnx-pco.cpp b/ccnx/ccnx-pco.cpp
index 591f1d3..b66b184 100644
--- a/ccnx/ccnx-pco.cpp
+++ b/ccnx/ccnx-pco.cpp
@@ -20,6 +20,7 @@
*/
#include "ccnx-pco.h"
+#include "ccnx-cert.h"
namespace Ccnx {
@@ -100,4 +101,48 @@
return Name(head(m_bytes), m_comps);
}
+Name
+ParsedContentObject::keyName() const
+{
+ if (m_pco.offset[CCN_PCO_E_KeyName_Name] > m_pco.offset[CCN_PCO_B_KeyName_Name])
+ {
+ CcnxCharbufPtr ptr = boost::make_shared<CcnxCharbuf>();
+ ccn_charbuf_append(ptr->getBuf(), head(m_bytes) + m_pco.offset[CCN_PCO_B_KeyName_Name], m_pco.offset[CCN_PCO_E_KeyName_Name] - m_pco.offset[CCN_PCO_B_KeyName_Name]);
+
+ return Name(*ptr);
+ }
+ else
+ {
+ return Name();
+ }
+}
+
+HashPtr
+ParsedContentObject::publisherPublicKeyDigest() const
+{
+ const unsigned char *buf = NULL;
+ size_t size = 0;
+ ccn_ref_tagged_BLOB(CCN_DTAG_PublisherPublicKeyDigest, head(m_bytes), m_pco.offset[CCN_PCO_B_PublisherPublicKeyDigest], m_pco.offset[CCN_PCO_E_PublisherPublicKeyDigest], &buf, &size);
+
+ return boost::make_shared<Hash>(buf, size);
+}
+
+ParsedContentObject::Type
+ParsedContentObject::type() const
+{
+ switch (m_pco.type)
+ {
+ case CCN_CONTENT_DATA: return DATA;
+ case CCN_CONTENT_KEY: return KEY;
+ default: break;
+ }
+ return OTHER;
+}
+
+void
+ParsedContentObject::verifySignature(const CertPtr &cert)
+{
+ m_verified = (ccn_verify_signature(head(m_bytes), m_pco.offset[CCN_PCO_E], &m_pco, cert->pkey()) == 1);
+}
+
}
diff --git a/ccnx/ccnx-pco.h b/ccnx/ccnx-pco.h
index 28b039d..7532630 100644
--- a/ccnx/ccnx-pco.h
+++ b/ccnx/ccnx-pco.h
@@ -25,14 +25,24 @@
#include "ccnx-wrapper.h"
#include "ccnx-common.h"
#include "ccnx-name.h"
+#include "hash-helper.h"
namespace Ccnx {
struct MisformedContentObjectException : virtual boost::exception, virtual std::exception { };
+class Cert;
+typedef boost::shared_ptr<Cert> CertPtr;
+
class ParsedContentObject
{
public:
+ enum Type
+ {
+ DATA,
+ KEY,
+ OTHER
+ };
ParsedContentObject(const unsigned char *data, size_t len, bool verified = false);
ParsedContentObject(const unsigned char *data, const ccn_parsed_ContentObject &pco, bool verified = false);
ParsedContentObject(const Bytes &bytes, bool verified = false);
@@ -48,6 +58,15 @@
Name
name() const;
+ Name
+ keyName() const;
+
+ HashPtr
+ publisherPublicKeyDigest() const;
+
+ Type
+ type() const;
+
inline const Bytes &
buf () const;
@@ -55,7 +74,7 @@
verified() const { return m_verified; }
void
- setVerified(bool verified) { m_verified = verified; }
+ verifySignature(const CertPtr &cert);
const unsigned char *
msg() const { return head(m_bytes); }
@@ -72,6 +91,7 @@
ccn_indexbuf *m_comps;
Bytes m_bytes;
bool m_verified;
+ bool m_integrityChecked;
};
const Bytes &
diff --git a/ccnx/ccnx-verifier.cpp b/ccnx/ccnx-verifier.cpp
new file mode 100644
index 0000000..d5a4b6b
--- /dev/null
+++ b/ccnx/ccnx-verifier.cpp
@@ -0,0 +1,169 @@
+/* -*- Mode: C++; c-file-style: "gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013 University of California, Los Angeles
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation;
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Zhenkai Zhu <zhenkai@cs.ucla.edu>
+ * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#include "ccnx-verifier.h"
+#include "ccnx-wrapper.h"
+
+INIT_LOGGER ("Ccnx.Verifier");
+namespace Ccnx {
+
+static const size_t ROOT_KEY_DIGEST_LEN = 32; // SHA-256
+static const unsigned char ROOT_KEY_DIGEST[ROOT_KEY_DIGEST_LEN] = {0xa7, 0xd9, 0x8b, 0x81, 0xde, 0x13, 0xfc,
+0x56, 0xc5, 0xa6, 0x92, 0xb4, 0x44, 0x93, 0x6e, 0x56, 0x70, 0x9d, 0x52, 0x6f, 0x70,
+0xed, 0x39, 0xef, 0xb5, 0xe2, 0x3, 0x29, 0xa5, 0x53, 0x3e, 0x68};
+
+Verifier::Verifier(CcnxWrapper *ccnx)
+ : m_ccnx(ccnx)
+ , m_rootKeyDigest(ROOT_KEY_DIGEST, ROOT_KEY_DIGEST_LEN)
+{
+}
+
+Verifier::~Verifier()
+{
+}
+
+bool
+Verifier::verify(const PcoPtr &pco, double maxWait)
+{
+ _LOG_TRACE("Verifying content [" << pco->name() << "]");
+ HashPtr publisherPublicKeyDigest = pco->publisherPublicKeyDigest();
+
+ {
+ UniqueRecLock lock(m_cacheLock);
+ CertCache::iterator it = m_certCache.find(*publisherPublicKeyDigest);
+ if (it != m_certCache.end())
+ {
+ CertPtr cert = it->second;
+ if (cert->validity() == Cert::WITHIN_VALID_TIME_SPAN)
+ {
+ pco->verifySignature(cert);
+ return pco->verified();
+ }
+ else
+ {
+ // delete the invalid cert cache
+ m_certCache.erase(it);
+ }
+ }
+ }
+
+ // keyName is the name specified in key locator, i.e. without version and segment
+ Name keyName = pco->keyName();
+ int keyNameSize = keyName.size();
+
+ if (keyNameSize < 2)
+ {
+ _LOG_ERROR("Key name is empty or has too few components.");
+ return false;
+ }
+
+ // for keys, we have to make sure key name is strictly prefix of the content name
+ if (pco->type() == ParsedContentObject::KEY)
+ {
+ Name contentName = pco->name();
+ // when checking for prefix, do not include the hash in the key name (which is the last component)
+ Name keyNamePrefix = keyName.getPartialName(0, keyNameSize - 1);
+ if (keyNamePrefix.size() >= contentName.size() || contentName.getPartialName(0, keyNamePrefix.size()) != keyNamePrefix)
+ {
+ _LOG_ERROR("Key name prefix [" << keyNamePrefix << "] is not the prefix of content name [" << contentName << "]");
+ return false;
+ }
+ }
+ else
+ {
+ // for now, user can assign any data using his key
+ }
+
+ Name metaName = keyName.getPartialName(0, keyNameSize - 1) + Name("/info") + keyName.getPartialName(keyNameSize - 1);
+
+ Selectors selectors;
+
+ selectors.childSelector(Selectors::RIGHT)
+ .interestLifetime(maxWait);
+
+ PcoPtr keyObject = m_ccnx->get(keyName, selectors, maxWait);
+ PcoPtr metaObject = m_ccnx->get(metaName, selectors, maxWait);
+ if (!keyObject || !metaObject )
+ {
+ _LOG_ERROR("can not fetch key or meta");
+ return false;
+ }
+
+ HashPtr publisherKeyHashInKeyObject = keyObject->publisherPublicKeyDigest();
+ HashPtr publisherKeyHashInMetaObject = metaObject->publisherPublicKeyDigest();
+
+ // make sure key and meta are signed using the same key
+ if (publisherKeyHashInKeyObject->IsZero() || ! (*publisherKeyHashInKeyObject == *publisherKeyHashInMetaObject))
+ {
+ _LOG_ERROR("Key and Meta not signed by the same publisher");
+ return false;
+ }
+
+ CertPtr cert = boost::make_shared<Cert>(keyObject, metaObject);
+ if (cert->validity() != Cert::WITHIN_VALID_TIME_SPAN)
+ {
+ _LOG_ERROR("Certificate is not valid, validity status is : " << cert->validity());
+ return false;
+ }
+
+ // check pco is actually signed by this key (i.e. we don't trust the publisherPublicKeyDigest given by ccnx c lib)
+ if (! (*pco->publisherPublicKeyDigest() == cert->keyDigest()))
+ {
+ _LOG_ERROR("key digest does not match the publisher public key digest of the content object");
+ return false;
+ }
+
+ // now we only need to make sure the key is trustworthy
+ if (cert->keyDigest() == m_rootKeyDigest)
+ {
+ // the key is the root key
+ // do nothing now
+ }
+ else
+ {
+ // can not verify key or can not verify meta
+ if (!verify(keyObject, maxWait) || !verify(metaObject, maxWait))
+ {
+ _LOG_ERROR("Can not verify key or meta");
+ return false;
+ }
+ }
+
+ // ok, keyObject verified, because metaObject is signed by the same parent key and integrity checked
+ // so metaObject is also verified
+ {
+ UniqueRecLock lock(m_cacheLock);
+ m_certCache.insert(std::make_pair(cert->keyDigest(), cert));
+ }
+
+ pco->verifySignature(cert);
+ if (pco->verified())
+ {
+ _LOG_TRACE("[" << pco->name() << "] VERIFIED.");
+ }
+ else
+ {
+ _LOG_ERROR("[" << pco->name() << "] CANNOT BE VERIFIED.");
+ }
+ return pco->verified();
+}
+
+} // Ccnx
diff --git a/ccnx/ccnx-verifier.h b/ccnx/ccnx-verifier.h
new file mode 100644
index 0000000..cb57952
--- /dev/null
+++ b/ccnx/ccnx-verifier.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; c-file-style: "gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013 University of California, Los Angeles
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation;
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Zhenkai Zhu <zhenkai@cs.ucla.edu>
+ * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef CCNX_VERIFIER_H
+#define CCNX_VERIFIER_H
+
+#include "ccnx-common.h"
+#include "ccnx-name.h"
+#include "ccnx-cert.h"
+#include "ccnx-pco.h"
+#include <map>
+#include <boost/thread/locks.hpp>
+#include <boost/thread/recursive_mutex.hpp>
+#include <boost/thread/thread.hpp>
+
+namespace Ccnx {
+
+class CcnxWrapper;
+
+class Verifier
+{
+public:
+ Verifier(CcnxWrapper *ccnx);
+ ~Verifier();
+
+ bool verify(const PcoPtr &pco, double maxWait);
+
+private:
+
+private:
+ CcnxWrapper *m_ccnx;
+ Hash m_rootKeyDigest;
+ typedef std::map<Hash, CertPtr> CertCache;
+ CertCache m_certCache;
+ typedef boost::recursive_mutex RecLock;
+ typedef boost::unique_lock<RecLock> UniqueRecLock;
+ RecLock m_cacheLock;
+};
+
+} // Ccnx
+
+#endif // CCNX_VERIFIER_H
diff --git a/ccnx/ccnx-wrapper.cpp b/ccnx/ccnx-wrapper.cpp
index cc87710..f91fafa 100644
--- a/ccnx/ccnx-wrapper.cpp
+++ b/ccnx/ccnx-wrapper.cpp
@@ -31,6 +31,7 @@
#include <boost/algorithm/string.hpp>
#include <sstream>
+#include "ccnx-verifier.h"
#include "logging.h"
INIT_LOGGER ("Ccnx.Wrapper");
@@ -110,6 +111,7 @@
, m_running (true)
, m_connected (false)
, m_executor (new Executor(1))
+ , m_verifier(new Verifier(this))
{
start ();
}
@@ -146,6 +148,11 @@
CcnxWrapper::~CcnxWrapper()
{
shutdown ();
+ if (m_verifier != 0)
+ {
+ delete m_verifier;
+ m_verifier = 0;
+ }
}
void
@@ -261,7 +268,7 @@
}
Bytes
-CcnxWrapper::createContentObject(const Name &name, const void *buf, size_t len, int freshness, const Name &keyName)
+CcnxWrapper::createContentObject(const Name &name, const void *buf, size_t len, int freshness, const Name &keyNameParam)
{
{
UniqueRecLock lock(m_mutex);
@@ -279,27 +286,38 @@
struct ccn_signing_params sp = CCN_SIGNING_PARAMS_INIT;
sp.freshness = freshness;
- if (keyName.size() > 0)
+ Name keyName;
+
+ if (keyNameParam.size() == 0)
{
- if (sp.template_ccnb == NULL)
- {
- sp.template_ccnb = ccn_charbuf_create();
- ccn_charbuf_append_tt(sp.template_ccnb, CCN_DTAG_SignedInfo, CCN_DTAG);
- }
- // no idea what the following 3 lines do, but it was there
- else if (sp.template_ccnb->length > 0) {
- sp.template_ccnb->length--;
- }
- ccn_charbuf_append_tt(sp.template_ccnb, CCN_DTAG_KeyLocator, CCN_DTAG);
- ccn_charbuf_append_tt(sp.template_ccnb, CCN_DTAG_KeyName, CCN_DTAG);
- CcnxCharbufPtr keyPtr = keyName.toCcnxCharbuf();
- ccn_charbuf *keyBuf = keyPtr->getBuf();
- ccn_charbuf_append(sp.template_ccnb, keyBuf->buf, keyBuf->length);
- ccn_charbuf_append_closer(sp.template_ccnb); // </KeyName>
- ccn_charbuf_append_closer(sp.template_ccnb); // </KeyLocator>
- sp.sp_flags |= CCN_SP_TEMPL_KEY_LOCATOR;
- ccn_charbuf_append_closer(sp.template_ccnb); // </SignedInfo>
+ // use default key name
+ CcnxCharbufPtr defaultKeyNamePtr = boost::make_shared<CcnxCharbuf>();
+ ccn_get_public_key_and_name(m_handle, &sp, NULL, NULL, defaultKeyNamePtr->getBuf());
+ keyName = Name(*defaultKeyNamePtr);
}
+ else
+ {
+ keyName = keyNameParam;
+ }
+
+ if (sp.template_ccnb == NULL)
+ {
+ sp.template_ccnb = ccn_charbuf_create();
+ ccn_charbuf_append_tt(sp.template_ccnb, CCN_DTAG_SignedInfo, CCN_DTAG);
+ }
+ // no idea what the following 3 lines do, but it was there
+ else if (sp.template_ccnb->length > 0) {
+ sp.template_ccnb->length--;
+ }
+ ccn_charbuf_append_tt(sp.template_ccnb, CCN_DTAG_KeyLocator, CCN_DTAG);
+ ccn_charbuf_append_tt(sp.template_ccnb, CCN_DTAG_KeyName, CCN_DTAG);
+ CcnxCharbufPtr keyPtr = keyName.toCcnxCharbuf();
+ ccn_charbuf *keyBuf = keyPtr->getBuf();
+ ccn_charbuf_append(sp.template_ccnb, keyBuf->buf, keyBuf->length);
+ ccn_charbuf_append_closer(sp.template_ccnb); // </KeyName>
+ ccn_charbuf_append_closer(sp.template_ccnb); // </KeyLocator>
+ sp.sp_flags |= CCN_SP_TEMPL_KEY_LOCATOR;
+ ccn_charbuf_append_closer(sp.template_ccnb); // </SignedInfo>
if (ccn_sign_content(m_handle, content, pname, &sp, buf, len) != 0)
{
@@ -455,8 +473,6 @@
tuple<Closure *, ExecutorPtr, Selectors> *realData = reinterpret_cast< tuple<Closure*, ExecutorPtr, Selectors>* > (selfp->data);
tie (cp, executor, selectors) = *realData;
- bool verified = false;
-
switch (kind)
{
case CCN_UPCALL_FINAL: // effecitve in unit tests
@@ -468,10 +484,15 @@
return CCN_UPCALL_RESULT_OK;
case CCN_UPCALL_CONTENT:
- verified = true;
_LOG_TRACE (">> incomingData content upcall: " << Name (info->content_ccnb, info->content_comps));
break;
+ // this is the case where the intentionally unsigned packets coming (in Encapsulation case)
+ case CCN_UPCALL_CONTENT_BAD:
+ _LOG_TRACE (">> incomingData content bad upcall: " << Name (info->content_ccnb, info->content_comps));
+ break;
+
+ // always ask ccnd to try to fetch the key
case CCN_UPCALL_CONTENT_UNVERIFIED:
_LOG_TRACE (">> incomingData content unverified upcall: " << Name (info->content_ccnb, info->content_comps));
break;
@@ -495,7 +516,7 @@
return CCN_UPCALL_RESULT_OK;
}
- PcoPtr pco = make_shared<ParsedContentObject> (info->content_ccnb, info->pco->offset[CCN_PCO_E], verified);
+ PcoPtr pco = make_shared<ParsedContentObject> (info->content_ccnb, info->pco->offset[CCN_PCO_E]);
// this will be run in executor
executor->execute (bind (&Closure::runDataCallback, cp, pco->name (), pco));
@@ -684,11 +705,9 @@
}
bool
-CcnxWrapper::verifyPco(PcoPtr &pco)
+CcnxWrapper::verify(PcoPtr &pco, double maxWait)
{
- bool verified = (ccn_verify_content(m_handle, pco->msg(), (ccn_parsed_ContentObject *)pco->pco()) == 0);
- pco->setVerified(verified);
- return verified;
+ return m_verifier->verify(pco, maxWait);
}
// This is needed just for get function implementation
@@ -707,8 +726,10 @@
PcoPtr
WaitForResult ()
{
+ //_LOG_TRACE("GetState::WaitForResult start");
boost::unique_lock<boost::mutex> lock (m_mutex);
m_cond.timed_wait (lock, m_maxWait);
+ //_LOG_TRACE("GetState::WaitForResult finish");
return m_retval;
}
@@ -716,9 +737,9 @@
void
DataCallback (Name name, PcoPtr pco)
{
- m_retval = pco;
-
+ //_LOG_TRACE("GetState::DataCallback, Name [" << name << "]");
boost::unique_lock<boost::mutex> lock (m_mutex);
+ m_retval = pco;
m_cond.notify_one ();
}
diff --git a/ccnx/ccnx-wrapper.h b/ccnx/ccnx-wrapper.h
index 418dde5..a49b2a8 100644
--- a/ccnx/ccnx-wrapper.h
+++ b/ccnx/ccnx-wrapper.h
@@ -37,6 +37,7 @@
struct CcnxOperationException : boost::exception, std::exception { };
+class Verifier;
class CcnxWrapper
{
public:
@@ -87,13 +88,13 @@
getLocalPrefix ();
Bytes
- createContentObject(const Name &name, const void *buf, size_t len, int freshness = DEFAULT_FRESHNESS, const Name &keyName=Name());
+ createContentObject(const Name &name, const void *buf, size_t len, int freshness = DEFAULT_FRESHNESS, const Name &keyNameParam=Name());
int
putToCcnd (const Bytes &contentObject);
bool
- verifyPco(PcoPtr &pco);
+ verify(PcoPtr &pco, double maxWait = 1 /*seconds*/);
PcoPtr
get (const Name &interest, const Selectors &selector = Selectors(), double maxWait = 4.0/*seconds*/);
@@ -126,6 +127,7 @@
bool m_connected;
std::map<Name, InterestCallback> m_registeredInterests;
ExecutorPtr m_executor;
+ Verifier *m_verifier;
};
typedef boost::shared_ptr<CcnxWrapper> CcnxWrapperPtr;
diff --git a/src/fetcher.cc b/src/fetcher.cc
index d59f457..632db93 100644
--- a/src/fetcher.cc
+++ b/src/fetcher.cc
@@ -132,8 +132,8 @@
if (m_forwardingHint == Name ())
{
- // check whether data is verified in this case; if verified invoke callback
- if (data->verified())
+ // TODO: check verified!!!!
+ if (true)
{
if (!m_segmentCallback.empty ())
{
@@ -149,12 +149,13 @@
}
else
{
- // in this case we don't care whether "data" is verified, in fact, we expect it is unverified
+ // in this case we don't care whether "data" is verified, in fact, we expect it is unverified
try {
PcoPtr pco = make_shared<ParsedContentObject> (*data->contentPtr ());
// we need to verify this pco and apply callback only when verified
- if (m_ccnx->verifyPco(pco))
+ // TODO: check verified !!!
+ if (true)
{
if (!m_segmentCallback.empty ())
{
diff --git a/src/hash-helper.cc b/src/hash-helper.cc
index 6fe0ca9..11b29e2 100644
--- a/src/hash-helper.cc
+++ b/src/hash-helper.cc
@@ -167,3 +167,25 @@
return retval;
}
+
+HashPtr
+Hash::FromBytes (const Ccnx::Bytes &bytes)
+{
+ HashPtr retval = make_shared<Hash> (reinterpret_cast<void*> (0), 0);
+ retval->m_buf = new unsigned char [EVP_MAX_MD_SIZE];
+
+ EVP_MD_CTX *hash_context = EVP_MD_CTX_create ();
+ EVP_DigestInit_ex (hash_context, HASH_FUNCTION (), 0);
+
+ // not sure whether it's bad to do so if bytes.size is huge
+ EVP_DigestUpdate(hash_context, Ccnx::head(bytes), bytes.size());
+
+ retval->m_buf = new unsigned char [EVP_MAX_MD_SIZE];
+
+ EVP_DigestFinal_ex (hash_context,
+ retval->m_buf, &retval->m_length);
+
+ EVP_MD_CTX_destroy (hash_context);
+
+ return retval;
+}
diff --git a/src/hash-helper.h b/src/hash-helper.h
index 86b87c9..9050573 100644
--- a/src/hash-helper.h
+++ b/src/hash-helper.h
@@ -27,6 +27,7 @@
#include <boost/shared_ptr.hpp>
#include <boost/exception/all.hpp>
#include <boost/filesystem.hpp>
+#include "ccnx-common.h"
// Other options: VP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha256, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160
#define HASH_FUNCTION EVP_sha256
@@ -40,6 +41,12 @@
static unsigned char _origin;
static HashPtr Origin;
+ Hash ()
+ : m_buf(0)
+ , m_length(0)
+ {
+ }
+
Hash (const void *buf, unsigned int length)
: m_length (length)
{
@@ -66,6 +73,9 @@
static HashPtr
FromFileContent (const boost::filesystem::path &fileName);
+ static HashPtr
+ FromBytes (const Ccnx::Bytes &bytes);
+
~Hash ()
{
if (m_length != 0)
diff --git a/test/test-ccnx-wrapper.cc b/test/test-ccnx-wrapper.cc
index 5389702..9989cdb 100644
--- a/test/test-ccnx-wrapper.cc
+++ b/test/test-ccnx-wrapper.cc
@@ -65,10 +65,12 @@
void encapCallback(const Name &name, Ccnx::PcoPtr pco)
{
cout << " in encap data callback" << endl;
+ BOOST_CHECK(!c1->verify(pco));
+ cout << "++++++++++++++++++ Outer content couldn't be verified, which is expected." << endl;
PcoPtr npco = make_shared<ParsedContentObject> (*(pco->contentPtr()));
g_dataCallback_counter ++;
BOOST_CHECK(npco);
- BOOST_CHECK(c1->verifyPco(npco));
+ BOOST_CHECK(c1->verify(npco));
}
void
@@ -187,7 +189,7 @@
c1->sendInterest(Name(n1), closure, selectors);
usleep(3500000);
c2->publishData(Name(n1), (const unsigned char *)n1.c_str(), n1.size(), 1);
- usleep(1000);
+ usleep(100000);
BOOST_CHECK_EQUAL(g_dataCallback_counter, 1);
BOOST_CHECK_EQUAL(g_timeout_counter, 3);
teardown();
@@ -201,9 +203,9 @@
g_dataCallback_counter = 0;
c1->sendInterest(Name(n1), closure);
- usleep(1000);
+ usleep(100000);
c2->publishUnsignedData(Name(n1), (const unsigned char *)n1.c_str(), n1.size(), 1);
- usleep(1000);
+ usleep(100000);
BOOST_CHECK_EQUAL(g_dataCallback_counter, 1);
string n2 = "/xxxxxx/signed/01";
@@ -211,11 +213,13 @@
c1->publishUnsignedData(Name(n2), head(content), content.size(), 1);
Closure encapClosure(bind(encapCallback, _1, _2), bind(timeout, _1, _2, _3));
c2->sendInterest(Name(n2), encapClosure);
- usleep(2000);
+ usleep(4000000);
BOOST_CHECK_EQUAL(g_dataCallback_counter, 2);
teardown();
}
+
+ /*
BOOST_AUTO_TEST_CASE (CcnxWrapperUnsigningTest)
{
setup();
@@ -243,6 +247,7 @@
cout << "Average time to publish one content object is " << (double) duration.total_milliseconds() / 100000.0 << " milliseconds" << endl;
teardown();
}
+ */
BOOST_AUTO_TEST_SUITE_END()
diff --git a/waf-tools/tinyxml.py b/waf-tools/tinyxml.py
new file mode 100644
index 0000000..3908b38
--- /dev/null
+++ b/waf-tools/tinyxml.py
@@ -0,0 +1,76 @@
+#! /usr/bin/env python
+# encoding: utf-8
+
+'''
+
+When using this tool, the wscript will look like:
+
+ def options(opt):
+ opt.tool_options('tinyxml', tooldir=["waf-tools"])
+
+ def configure(conf):
+ conf.load('compiler_cxx tiny')
+
+ def build(bld):
+ bld(source='main.cpp', target='app', use='TINYXML')
+
+Options are generated, in order to specify the location of tinyxml includes/libraries.
+
+
+'''
+import sys
+import re
+from waflib import Utils,Logs,Errors
+from waflib.Configure import conf
+TINYXML_DIR=['/usr','/usr/local','/opt/local','/sw']
+TINYXML_VERSION_FILE='tinyxml.h'
+TINYXML_VERSION_CODE='''
+#include <iostream>
+#include <tinyxml.h>
+int main() { std::cout << TIXML_MAJOR_VERSION << "." << TIXML_MINOR_VERSION << "." << TIXML_PATCH_VERSION; }
+'''
+
+def options(opt):
+ opt.add_option('--tinyxml',type='string',default='',dest='tinyxml_dir',help='''path to where TinyXML is installed, e.g. /usr/local''')
+@conf
+def __tinyxml_get_version_file(self,dir):
+ try:
+ return self.root.find_dir(dir).find_node('%s/%s' % ('include', TINYXML_VERSION_FILE))
+ except:
+ return None
+@conf
+def tinyxml_get_version(self,dir):
+ val=self.check_cxx(fragment=TINYXML_VERSION_CODE,includes=['%s/%s' % (dir, 'include')], execute=True, define_ret = True, mandatory=True)
+ return val
+@conf
+def tinyxml_get_root(self,*k,**kw):
+ root=k and k[0]or kw.get('path',None)
+ # Logs.pprint ('RED', ' %s' %root)
+ if root and self.__tinyxml_get_version_file(root):
+ return root
+ for dir in TINYXML_DIR:
+ if self.__tinyxml_get_version_file(dir):
+ return dir
+ if root:
+ self.fatal('TinyXML not found in %s'%root)
+ else:
+ self.fatal('TinyXML not found, please provide a --tinyxml argument (see help)')
+@conf
+def check_tinyxml(self,*k,**kw):
+ if not self.env['CXX']:
+ self.fatal('load a c++ compiler first, conf.load("compiler_cxx")')
+
+ var=kw.get('uselib_store','TINYXML')
+ self.start_msg('Checking TinyXML')
+ root = self.tinyxml_get_root(*k,**kw);
+ self.env.TINYXML_VERSION=self.tinyxml_get_version(root)
+
+ self.env['INCLUDES_%s'%var]= '%s/%s' % (root, "include");
+ self.env['LIB_%s'%var] = "tinyxml"
+ self.env['LIBPATH_%s'%var] = '%s/%s' % (root, "lib")
+
+ self.end_msg(self.env.TINYXML_VERSION)
+ if Logs.verbose:
+ Logs.pprint('CYAN',' TinyXML include : %s'%self.env['INCLUDES_%s'%var])
+ Logs.pprint('CYAN',' TinyXML lib : %s'%self.env['LIB_%s'%var])
+ Logs.pprint('CYAN',' TinyXML libpath : %s'%self.env['LIBPATH_%s'%var])
diff --git a/wscript b/wscript
index d82ce50..0021e41 100644
--- a/wscript
+++ b/wscript
@@ -14,6 +14,7 @@
opt.add_option('--auto-update', action='store_true',default=False,dest='autoupdate',help='''(OSX) Download sparkle framework and enable autoupdate feature''')
opt.load('compiler_c compiler_cxx boost ccnx protoc qt4 gnu_dirs')
+ opt.load('tinyxml', tooldir=['waf-tools'])
def configure(conf):
conf.load("compiler_c compiler_cxx gnu_dirs")
@@ -47,6 +48,8 @@
conf.check_cfg(package='sqlite3', args=['--cflags', '--libs'], uselib_store='SQLITE3', mandatory=True)
conf.check_cfg(package='libevent', args=['--cflags', '--libs'], uselib_store='LIBEVENT', mandatory=True)
conf.check_cfg(package='libevent_pthreads', args=['--cflags', '--libs'], uselib_store='LIBEVENT_PTHREADS', mandatory=True)
+ conf.load('tinyxml')
+ conf.check_tinyxml(path=conf.options.tinyxml_dir)
conf.define ("TRAY_ICON", "chronoshare-big.png")
if Utils.unversioned_sys_platform () == "linux":
@@ -161,7 +164,7 @@
target="ccnx",
features=['cxx'],
source = bld.path.ant_glob(['ccnx/**/*.cc', 'ccnx/**/*.cpp']),
- use = 'BOOST BOOST_THREAD SSL CCNX LOG4CXX scheduler executor',
+ use = 'TINYXML BOOST BOOST_THREAD SSL CCNX LOG4CXX scheduler executor',
includes = "ccnx src scheduler executor",
)
@@ -189,7 +192,7 @@
defines = "WAF",
source = bld.path.ant_glob(['fs-watcher/*.cc']),
use = "SQLITE3 LOG4CXX scheduler executor QTCORE",
- includes = "fs-watcher scheduler executor src",
+ includes = "fs-watcher scheduler executor src ccnx",
)
# Unit tests