static void testGetOldest(CuTest *tc) {
int res;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_Signature *sig = NULL;
KSI_Integer *tm = NULL;
res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);
KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);
res = KSI_verifySignature(ctx, sig);
CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);
res = KSI_Signature_getSigningTime(sig, &tm);
CuAssert(tc, "Wrong signing time (probably returning the newer signature).", res == KSI_OK && KSI_Integer_equalsUInt(tm, 1398866256));
KSI_Signature_free(sig);
KSI_DataHash_free(hsh);
KSI_MultiSignature_free(ms);
}
static void testSignatureSigningTime(CuTest *tc) {
int res;
KSI_Signature *sig = NULL;
KSI_Integer *sigTime = NULL;
KSI_uint64_t utc = 0;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_getSigningTime(sig, &sigTime);
CuAssert(tc, "Unable to get signing time from signature", res == KSI_OK && sigTime != NULL);
utc = KSI_Integer_getUInt64(sigTime);
CuAssert(tc, "Unexpected signature signing time.", utc == 1398866256);
KSI_Signature_free(sig);
}
int KSI_extendSignatureWithPolicy(KSI_CTX *ctx, KSI_Signature *sig, const KSI_Policy *policy, KSI_VerificationContext *context, KSI_Signature **extended) {
int res = KSI_UNKNOWN_ERROR;
KSI_PublicationsFile *pubFile = NULL;
KSI_Integer *signingTime = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Signature *extSig = NULL;
bool verifyPubFile = (ctx->publicationsFile == NULL);
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || sig == NULL || extended == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_receivePublicationsFile(ctx, &pubFile);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
if (verifyPubFile == true) {
res = KSI_verifyPublicationsFile(ctx, pubFile);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
}
res = KSI_Signature_getSigningTime(sig, &signingTime);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_PublicationsFile_getNearestPublication(pubFile, signingTime, &pubRec);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
if (pubRec == NULL) {
KSI_pushError(ctx, res = KSI_EXTEND_NO_SUITABLE_PUBLICATION, NULL);
goto cleanup;
}
res = KSI_Signature_extendWithPolicy(sig, ctx, pubRec, policy, context, &extSig);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
*extended = extSig;
extSig = NULL;
cleanup:
KSI_PublicationRecord_free(pubRec);
KSI_PublicationsFile_free(pubFile);
KSI_Signature_free(extSig);
return res;
}
/**
* This function extends the signature to the given publication.
* \param[in] sig Initial signature.
* \param[in] pubStr Null-terminated c string of the publication.
* \param[out] ext Pointer to the receiving pointer to the extended signature.
* \return Returns KSI_OK if successful.
*/
static int extendToPublication(KSI_Signature *sig, const char *pubStr, KSI_Signature **ext) {
int res = KSI_UNKNOWN_ERROR;
/* Only the published data. */
KSI_PublicationData *pubData = NULL;
/* Published data and the references to the actual publications. */
KSI_PublicationRecord *pubRec = NULL;
/* Publication time. */
KSI_Integer *pubTime = NULL;
/* Signature signing time. */
KSI_Integer *signTime = NULL;
/* Parse the publications string. */
res = KSI_PublicationData_fromBase32(ksi, pubStr, &pubData);
if (res != KSI_OK) {
fprintf(stderr, "Invalid publication: '%s'\n", pubStr);
goto cleanup;
}
/* Verify the publication is newer than the signature. */
res = KSI_Signature_getSigningTime(sig, &signTime);
if (res != KSI_OK) goto cleanup;
res = KSI_PublicationData_getTime(pubData, &pubTime);
if (res != KSI_OK) goto cleanup;
if (KSI_Integer_compare(signTime, pubTime) > 0) {
fprintf(stderr, "Signature created after publication.\n");
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
/* Create a publication record. */
res = KSI_PublicationRecord_new(ksi, &pubRec);
if (res != KSI_OK) goto cleanup;
/* Set the published data value. */
res = KSI_PublicationRecord_setPublishedData(pubRec, pubData);
if (res != KSI_OK) goto cleanup;
/* The pointer will be free by KSI_PublicatioinRecord_free. */
pubData = NULL;
/* NB! If the user wants to store the extended signature, some publication references should
* be added to the publication reference. As we are going to discard the signature after
* verification, the references are not important. */
/* Extend the signature to the publication. */
res = KSI_Signature_extend(sig, ksi, pubRec, ext);
if (res != KSI_OK) {
fprintf(stderr, "Unable to to extend the signature to the given publication: '%s'\n", pubStr);
goto cleanup;
}
res = KSI_OK;
cleanup:
/* We can cleanup the values. */
KSI_PublicationData_free(pubData);
KSI_PublicationRecord_free(pubRec);
return res;
}
