Beispiel #1
0
static void testVerifyDocumentHash(CuTest *tc) {
	int res;

	unsigned char in[0x1ffff];
	unsigned in_len = 0;

	char doc[] = "LAPTOP";
	KSI_DataHash *hsh = NULL;

	FILE *f = NULL;
	KSI_Signature *sig = NULL;

	KSI_ERR_clearErrors(ctx);

	f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb");
	CuAssert(tc, "Unable to open signature file.", f != NULL);

	in_len = (unsigned)fread(in, 1, sizeof(in), f);
	CuAssert(tc, "Nothing read from signature file.", in_len > 0);

	fclose(f);

	res = KSI_Signature_parse(ctx, in, in_len, &sig);
	CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);

	/* Chech correct document. */
	res = KSI_DataHash_create(ctx, doc, strlen(doc), KSI_HASHALG_SHA2_256, &hsh);
	CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL);

	res = KSI_Signature_verifyDataHash(sig, ctx, hsh);
	CuAssert(tc, "Failed to verify valid document", res == KSI_OK);

	KSI_DataHash_free(hsh);
	hsh = NULL;

	/* Chech wrong document. */
	res = KSI_DataHash_create(ctx, doc, sizeof(doc), KSI_HASHALG_SHA2_256, &hsh);
	CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL);

	res = KSI_Signature_verifyDataHash(sig, ctx, hsh);
	CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE);

	KSI_DataHash_free(hsh);
	hsh = NULL;

	/* Check correct document with wrong hash algorithm. */
	res = KSI_DataHash_create(ctx, doc, strlen(doc), KSI_HASHALG_SHA2_512, &hsh);
	CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL);

	res = KSI_Signature_verifyDataHash(sig, ctx, hsh);
	CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE);

	KSI_DataHash_free(hsh);


	KSI_Signature_free(sig);
}
static void addInput(CuTest *tc, KSI_BlockSigner *bs, int genMeta) {
	int res = KSI_UNKNOWN_ERROR;
	size_t i;
	KSI_DataHash *hsh = NULL;
	KSI_MetaData *md = NULL;

	for (i = 0; input_data[i] != NULL; i++) {
		res = KSI_DataHash_create(ctx, input_data[i], strlen(input_data[i]), KSI_HASHALG_SHA2_256, &hsh);
		CuAssert(tc, "Unable to create data hash.", res == KSI_OK && hsh != NULL);

		if (genMeta) {
			char clientId[100];
			KSI_snprintf(clientId, sizeof(clientId), "Client-%d", i);

			res = createMetaData(clientId, &md);
			CuAssert(tc, "Unable to create metadata.", res == KSI_OK && md != NULL);

			res = KSI_BlockSigner_addLeaf(bs, hsh, 0, md, NULL);
			CuAssert(tc, "Unable to add leaf with meta data.", res == KSI_OK);

			KSI_MetaData_free(md);
			md = NULL;
		} else {
			res = KSI_BlockSigner_add(bs, hsh);
			CuAssert(tc, "Unable to add data hash to the block signer.", res == KSI_OK);
		}
		KSI_DataHash_free(hsh);
		hsh = NULL;
	}
}
static void testMaskingWithMetaDataMultiSig(CuTest *tc) {
#define TEST_AGGR_RESPONSE_FILE  "resource/tlv/test_meta_data_masking.tlv"
	static const unsigned char diceRolls[] = {0xd5, 0x58, 0xaf, 0xfa, 0x80, 0x67, 0xf4, 0x2c, 0xd9, 0x48, 0x36, 0x21, 0xd1, 0xab,
			0xae, 0x23, 0xed, 0xd6, 0xca, 0x04, 0x72, 0x7e, 0xcf, 0xc7, 0xdb, 0xc7, 0x6b, 0xde, 0x34, 0x77, 0x1e, 0x53};
	int res = KSI_UNKNOWN_ERROR;
	KSI_BlockSigner *bs = NULL;
	KSI_MultiSignature *ms = NULL;
	size_t i;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;
	KSI_DataHash *zero = NULL;
	KSI_OctetString *iv = NULL;

	/* Create zero hash. */
	res = KSI_DataHash_createZero(ctx, KSI_HASHALG_SHA2_512, &zero);
	CuAssert(tc, "Unable to create zero hash.", res == KSI_OK && zero != NULL);

	/* Create random initial vector. */
	res = KSI_OctetString_new(ctx, diceRolls, sizeof(diceRolls), &iv);
	CuAssert(tc, "Unable to create initial vector.", res == KSI_OK && iv != NULL);

	res = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA1, zero, iv, &bs);
	CuAssert(tc, "Unable to create block signer instance with masking.", res == KSI_OK && bs != NULL);

	addInput(tc, bs, 1);

	res = KSI_CTX_setAggregator(ctx, getFullResourcePathUri(TEST_AGGR_RESPONSE_FILE), TEST_USER, TEST_PASS);
	CuAssert(tc, "Unable to set aggregator file URI.", res == KSI_OK);

	res = KSI_BlockSigner_close(bs, &ms);
	CuAssert(tc, "Unable to close block signer and extract multi signature.", res == KSI_OK && ms != NULL);
	res = KSITest_setDefaultPubfileAndVerInfo(ctx);
	CuAssert(tc, "Unable to set default pubfile, default cert and default pki constraints.", res == KSI_OK);

	/* Lets loop over all the inputs and try to verify them. */
	for (i = 0; input_data[i] != NULL; i++) {
		res = KSI_DataHash_create(ctx, input_data[i], strlen(input_data[i]), KSI_HASHALG_SHA2_256, &hsh);
		CuAssert(tc, "Unable to create data hash.", res == KSI_OK && hsh != NULL);

		res = KSI_MultiSignature_get(ms, hsh, &sig);
		CuAssert(tc, "Unable to extract signature from the multi signature container.", res == KSI_OK && sig != NULL);

		res = KSI_Signature_verifyDocument(sig, ctx, (void *)input_data[i], strlen(input_data[i]));
		CuAssert(tc, "Unable to verify the input data.", res == KSI_OK);
		KSI_Signature_free(sig);
		sig = NULL;

		KSI_DataHash_free(hsh);
		hsh = NULL;
	}

	KSI_OctetString_free(iv);
	KSI_DataHash_free(zero);
	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
	KSI_BlockSigner_free(bs);
#undef TEST_AGGR_RESPONSE_FILE
}
static void testMultiSig(CuTest *tc) {
#define TEST_AGGR_RESPONSE_FILE  "resource/tlv/ok-aggr-resp-1460631424.tlv"
	int res = KSI_UNKNOWN_ERROR;
	KSI_BlockSigner *bs = NULL;
	KSI_MultiSignature *ms = NULL;
	size_t i;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;

	res = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA1, NULL, NULL, &bs);
	CuAssert(tc, "Unable to create block signer instance.", res == KSI_OK && bs != NULL);

	addInput(tc, bs, 0);

	res = KSI_CTX_setAggregator(ctx, getFullResourcePathUri(TEST_AGGR_RESPONSE_FILE), TEST_USER, TEST_PASS);
	CuAssert(tc, "Unable to set aggregator file URI.", res == KSI_OK);

	res = KSI_BlockSigner_close(bs, &ms);
	CuAssert(tc, "Unable to close block signer and extract multi signature.", res == KSI_OK && ms != NULL);

	/* Lets loop over all the inputs and try to verify them. */
	for (i = 0; input_data[i] != NULL; i++) {
		res = KSI_DataHash_create(ctx, input_data[i], strlen(input_data[i]), KSI_HASHALG_SHA2_256, &hsh);
		CuAssert(tc, "Unable to create data hash.", res == KSI_OK && hsh != NULL);

		res = KSI_MultiSignature_get(ms, hsh, &sig);
		CuAssert(tc, "Unable to extract signature from the multi signature container.", res == KSI_OK && sig != NULL);

		res = KSI_Signature_verifyDocument(sig, ctx, (void *)input_data[i], strlen(input_data[i]));
		CuAssert(tc, "Unable to verify the input data.", res == KSI_OK);

		KSI_Signature_free(sig);
		sig = NULL;

		KSI_DataHash_free(hsh);
		hsh = NULL;
	}

	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
	KSI_BlockSigner_free(bs);
#undef TEST_AGGR_RESPONSE_FILE
}
static void testMedaData(CuTest *tc) {
#define TEST_AGGR_RESPONSE_FILE  "resource/tlv/test_meta_data_response.tlv"
	int res = KSI_UNKNOWN_ERROR;
	KSI_BlockSigner *bs = NULL;
	KSI_MetaData *md = NULL;
	char data[] = "LAPTOP";
	char *clientId[] = { "Alice", "Bob", "Claire", NULL };
	size_t i;
	KSI_DataHash *hsh = NULL;
	KSI_BlockSignerHandle *hndl[] = {NULL, NULL, NULL};
	KSI_Signature *sig = NULL;
	char *id = NULL;

	res = KSI_DataHash_create(ctx, data, strlen(data), KSI_HASHALG_SHA2_256, &hsh);
	CuAssert(tc, "Unable to create data hash.", res == KSI_OK && hsh != NULL);

	res = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA2_256, NULL, NULL, &bs);
	CuAssert(tc, "Unable to create block signer instance.", res == KSI_OK && bs != NULL);

	for (i = 0; clientId[i] != NULL; i++) {
		res = createMetaData(clientId[i], &md);
		CuAssert(tc, "Unable to create meta-data.", res == KSI_OK && md != NULL);

		res = KSI_BlockSigner_addLeaf(bs, hsh, 0, md, &hndl[i]);
		CuAssert(tc, "Unable to add leaf to the block signer.", res == KSI_OK && hndl[i] != NULL);

		KSI_MetaData_free(md);
		md = NULL;

	}

	res = KSI_CTX_setAggregator(ctx, getFullResourcePathUri(TEST_AGGR_RESPONSE_FILE), TEST_USER, TEST_PASS);
	CuAssert(tc, "Unable to set aggregator file URI.", res == KSI_OK);

	res = KSI_BlockSigner_close(bs, NULL);
	CuAssert(tc, "Unable to close the blocksigner.", res == KSI_OK);

	/* Loop over all the handles, and extract the signature. */
	for (i = 0; clientId[i] != NULL; i++) {
		char expId[0xff];

		/* Extract the signature. */
		res = KSI_BlockSignerHandle_getSignature(hndl[i], &sig);
		CuAssert(tc, "Unable to extract signature.", res == KSI_OK && sig != NULL);

		/* Verify the signature. */
		res = KSI_verifySignature(ctx, sig);
		CuAssert(tc, "Unable to verify the extracted signature.", res == KSI_OK);

		/* Extract the id attribution. */
		res = KSI_Signature_getSignerIdentity(sig, &id);
		CuAssert(tc, "Unable to extract the signer identity.", res == KSI_OK && id != NULL);

		/* Create the expected id value. */
		KSI_snprintf(expId, sizeof(expId), "%s :: %s", "GT :: GT :: release test :: anon http", clientId[i]);
		CuAssert(tc, "Client id not what expected.", !strcmp(id, expId));

		/* Cleanup. */
		KSI_Signature_free(sig);
		sig = NULL;

		KSI_free(id);
		id = NULL;

		KSI_BlockSignerHandle_free(hndl[i]);
	}

	KSI_DataHash_free(hsh);
	KSI_MetaData_free(md);
	KSI_BlockSigner_free(bs);
#undef TEST_AGGR_RESPONSE_FILE
}
Beispiel #6
0
int main(int argc, char **argv) {
	KSI_CTX *ksi = NULL;
	int res = KSI_UNKNOWN_ERROR;

	KSI_DataHash *hsh = NULL;
	KSI_RequestHandle *handle[REQUESTS];
	KSI_NetworkClient *http = NULL;

	FILE *logFile = NULL;

	size_t i;

	KSI_DataHasher *hsr = NULL;

	const KSI_CertConstraint pubFileCertConstr[] = {
			{ KSI_CERT_EMAIL, "*****@*****.**"},
			{ NULL, NULL }
	};

	struct {
		size_t ok;
		size_t nok;
	} stat;

	stat.ok = 0;
	stat.nok = 0;




	/* Create new KSI context for this thread. */
	res = KSI_CTX_new(&ksi);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to create context.\n");
		goto cleanup;
	}

	res = KSI_CTX_setDefaultPubFileCertConstraints(ksi, pubFileCertConstr);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to configure publications file cert constraints.\n");
		goto cleanup;
	}

	/* Configure the logger. */
	res = OpenLogging(ksi, "multi_curl.log", &logFile);
	if (res != KSI_OK) goto cleanup;


	KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());

	/* Check publications file url. */
	res = KSI_CTX_setPublicationUrl(ksi, "http://verify.guardtime.com/ksi-publications.bin");
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to set publications file url.\n");
		goto cleanup;
	}

	res = KSI_HttpClient_new(ksi, &http);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to create http client.\n");
		goto cleanup;
	}

	res = KSI_HttpClient_setAggregator(http, "http://ksigw.test.guardtime.com:3332", "anon", "anon");
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to set aggregator url.\n");
		goto cleanup;
	}

	KSI_HttpClient_setReadTimeoutSeconds(http, 10);
	KSI_HttpClient_setConnectTimeoutSeconds(http, 10);

	for (i = 0; i < REQUESTS; i++) {
		char buf[100];
		size_t len;
		KSI_AggregationReq *req = NULL;

		len = KSI_snprintf(buf, sizeof(buf), "Hello %d", i);
		res = KSI_DataHash_create(ksi, buf, len, KSI_getHashAlgorithmByName("default"), &hsh);
		if (res != KSI_OK) {
			fprintf(stderr, "Unable to create hash.");
			goto cleanup;
		}

		res = KSI_AggregationReq_new(ksi, &req);
		if (res != KSI_OK) {
			fprintf(stderr, "Unable to create request.");
			goto cleanup;
		}

		res = KSI_AggregationReq_setRequestHash(req, hsh);
		if (res != KSI_OK) {
			fprintf(stderr, "Unable to set request hash.");
			goto cleanup;
		}

		res = KSI_NetworkClient_sendSignRequest(http, req, &handle[i]);
		if (res != KSI_OK) {
			fprintf(stderr, "Unable to send aggregation request.");
			goto cleanup;
		}

		KSI_AggregationReq_free(req);
	}

	res = KSI_NetworkClient_performAll(http, handle, REQUESTS);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to perform requests.");
		goto cleanup;
	}

	for (i = 0; i < REQUESTS; i++) {
		KSI_AggregationResp *resp = NULL;
		res = KSI_RequestHandle_getAggregationResponse(handle[i], &resp);
		if (res != KSI_OK) {
			const KSI_RequestHandleStatus *st = NULL;
			res = KSI_RequestHandle_getResponseStatus(handle[i], &st);
			if (res == KSI_OK) {
				printf("Status code = %ld: %s\n", st->code, st->errm);
			}

			KSI_ERR_statusDump(ksi, stdout);
			stat.nok++;
		} else {
			stat.ok ++;
		}

		KSI_AggregationResp_free(resp);
	}

	printf("Requests:\n"
			"  Successful: %llu\n"
			"      Failed: %llu\n"
			"       TOTAL: %llu\n", (unsigned long long)stat.ok, (unsigned long long)stat.nok, (unsigned long long)(stat.ok + stat.nok));

	res = KSI_OK;

cleanup:

	if (logFile != NULL) fclose(logFile);

	if (res != KSI_OK && ksi != NULL) {
		KSI_ERR_statusDump(ksi, stderr);
	}

	KSI_DataHash_free(hsh);
	KSI_DataHasher_free(hsr);

	KSI_CTX_free(ksi);

	return res;

}
Beispiel #7
0
static int rfc3161_getInputToAggreChain(const KSI_Signature *sig, KSI_DataHash **inputToAggre) {
	int res;
	KSI_CTX *ctx = NULL;
	KSI_DataHash *hsh_tstInfo = NULL;
	KSI_DataHash *hsh_sigAttr = NULL;
	KSI_DataHash *tmp = NULL;
	KSI_DataHasher *hsr = NULL;
	KSI_RFC3161 *rfc = NULL;
	const unsigned char *imprint = NULL;
	size_t imprint_len = 0;
	KSI_HashAlgorithm algo_id = -1;
	KSI_HashAlgorithm tstInfoAlgoId;
	KSI_HashAlgorithm sigAttrAlgoId;

	if (sig == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	ctx = sig->ctx;
	KSI_ERR_clearErrors(ctx);


	if (inputToAggre == NULL) {
		KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
		goto cleanup;
	}

	rfc = sig->rfc3161;
	if (rfc == NULL) {
		KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
		goto cleanup;
	}



	if (KSI_Integer_getUInt64(rfc->tstInfoAlgo) > 0xff || KSI_Integer_getUInt64(rfc->sigAttrAlgo) > 0xff) {
		KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Hash algorithm can't be larger than 0xff.");
		goto cleanup;
	} else {
		tstInfoAlgoId = (int)KSI_Integer_getUInt64(rfc->tstInfoAlgo);
		sigAttrAlgoId = (int)KSI_Integer_getUInt64(rfc->sigAttrAlgo);
	}

	res = rfc3161_preSufHasher(ctx, rfc->tstInfoPrefix, rfc->inputHash, rfc->tstInfoSuffix, tstInfoAlgoId, &hsh_tstInfo);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	res = rfc3161_preSufHasher(ctx, rfc->sigAttrPrefix, hsh_tstInfo, rfc->sigAttrSuffix, sigAttrAlgoId, &hsh_sigAttr);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	res = KSI_DataHash_getImprint(hsh_sigAttr, &imprint, &imprint_len);
	if (res != KSI_OK) {
		KSI_pushError(sig->ctx, res, NULL);
		goto cleanup;
	}

	res = KSI_Signature_getHashAlgorithm((KSI_Signature *)sig, &algo_id);
	if (res != KSI_OK) {
		KSI_pushError(sig->ctx, res, NULL);
		goto cleanup;
	}

	res = KSI_DataHash_create(ctx, imprint, imprint_len, algo_id, &tmp);
	if (res != KSI_OK) {
		KSI_pushError(sig->ctx, res, NULL);
		goto cleanup;
	}

	*inputToAggre = tmp;
	tmp = NULL;

cleanup:

	KSI_DataHasher_free(hsr);
	KSI_DataHash_free(hsh_tstInfo);
	KSI_DataHash_free(hsh_sigAttr);
	KSI_DataHash_free(tmp);

	return res;
}