Ejemplo n.º 1
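/*
 * Looks up the signature stored for a fixed data hash in the multi-signature
 * container resource/multi_sig/test2.mksi, verifies it, and checks that its
 * signing time is 1398866256. Judging by the last failure message, the
 * container presumably holds more than one signature for this hash and the
 * older one is expected back - confirm against the test resource.
 */
static void testGetOldest(CuTest *tc) {
	int res;
	KSI_MultiSignature *ms = NULL;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;
	/* Never freed in this test; presumably still owned by sig - confirm against the KSI API. */
	KSI_Integer *tm = NULL;

	res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
	CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);

	KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
	/* Report a failed hash conversion here instead of handing a NULL hash to
	 * the container lookup, where it would surface as a misleading
	 * "unable to get signature" failure. */
	CuAssert(tc, "Unable to create data hash from string.", hsh != NULL);

	res = KSI_MultiSignature_get(ms, hsh, &sig);
	CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);

	/* The extracted signature must verify on its own before its signing time
	 * is worth checking. */
	res = KSI_verifySignature(ctx, sig);
	CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);

	res = KSI_Signature_getSigningTime(sig, &tm);
	CuAssert(tc, "Wrong signing time (probably returning the newer signature).", res == KSI_OK && KSI_Integer_equalsUInt(tm, 1398866256));

	KSI_Signature_free(sig);
	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
}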
Ejemplo n.º 2
/*
 * Loads the signature stored in TEST_SIGNATURE_FILE and checks that the
 * signing time it reports equals 1398866256.
 */
static void testSignatureSigningTime(CuTest *tc) {
	KSI_Signature *signature = NULL;
	/* Not freed below; presumably owned by the signature - confirm against the KSI API. */
	KSI_Integer *signingTime = NULL;
	KSI_uint64_t signedAt = 0;
	int rc;

	/* Start from an empty error stack in the shared context. */
	KSI_ERR_clearErrors(ctx);

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &signature);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && signature != NULL);

	rc = KSI_Signature_getSigningTime(signature, &signingTime);
	CuAssert(tc, "Unable to get signing time from signature", rc == KSI_OK && signingTime != NULL);

	/* Convert to a plain integer before comparing with the expected value. */
	signedAt = KSI_Integer_getUInt64(signingTime);
	CuAssert(tc, "Unexpected signature signing time.", signedAt == 1398866256);

	KSI_Signature_free(signature);
}
Ejemplo n.º 3
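/**
 * Extends \c sig to the nearest publication found in the publications file
 * obtained through \c ctx, applying the given policy.
 *
 * The publications file is fetched with KSI_receivePublicationsFile and is
 * verified in this function only when the context held no publications file
 * on entry. NOTE(review): presumably a file already held by the context was
 * verified when it was stored - confirm, because the publication record taken
 * from this file is what the signature gets extended to.
 *
 * \param[in]	ctx			KSI context; must not be NULL.
 * \param[in]	sig			Signature to extend; must not be NULL.
 * \param[in]	policy		Policy, passed through unchecked to KSI_Signature_extendWithPolicy.
 * \param[in]	context		Verification context, passed through unchecked.
 * \param[out]	extended	Receives the extended signature on success; must not be NULL.
 * \return KSI_OK on success, KSI_INVALID_ARGUMENT when \c ctx, \c sig or
 * \c extended is NULL, KSI_EXTEND_NO_SUITABLE_PUBLICATION when the lookup
 * yields no publication record, otherwise the status of the failing call.
 */
int KSI_extendSignatureWithPolicy(KSI_CTX *ctx, KSI_Signature *sig, const KSI_Policy *policy, KSI_VerificationContext *context, KSI_Signature **extended) {
	int res = KSI_UNKNOWN_ERROR;
	KSI_PublicationsFile *pubFile = NULL;
	/* Not freed in cleanup; presumably still owned by sig - confirm against the KSI API. */
	KSI_Integer *signingTime = NULL;
	KSI_PublicationRecord *pubRec = NULL;
	KSI_Signature *extSig = NULL;
	bool verifyPubFile = false;

	/* NOTE(review): the error helpers are reached with a possibly NULL ctx,
	 * as in the original; they are assumed to tolerate it - confirm. */
	KSI_ERR_clearErrors(ctx);
	if (ctx == NULL || sig == NULL || extended == NULL) {
		KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
		goto cleanup;
	}

	/* Read the context only after the NULL check above; evaluating this in
	 * the declaration dereferenced ctx before it had been validated. It must
	 * still be sampled before the publications file is received. */
	verifyPubFile = (ctx->publicationsFile == NULL);

	res = KSI_receivePublicationsFile(ctx, &pubFile);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* Stop before any publication from an unverified file is used. */
	if (verifyPubFile) {
		res = KSI_verifyPublicationsFile(ctx, pubFile);
		if (res != KSI_OK) {
			KSI_pushError(ctx, res, NULL);
			goto cleanup;
		}
	}

	res = KSI_Signature_getSigningTime(sig, &signingTime);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	res = KSI_PublicationsFile_getNearestPublication(pubFile, signingTime, &pubRec);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* A successful lookup may still yield no record. */
	if (pubRec == NULL) {
		KSI_pushError(ctx, res = KSI_EXTEND_NO_SUITABLE_PUBLICATION, NULL);
		goto cleanup;
	}

	res = KSI_Signature_extendWithPolicy(sig, ctx, pubRec, policy, context, &extSig);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* Hand the result to the caller and clear the local pointer so that the
	 * cleanup below does not free it. */
	*extended = extSig;
	extSig = NULL;

cleanup:

	KSI_PublicationRecord_free(pubRec);
	KSI_PublicationsFile_free(pubFile);
	KSI_Signature_free(extSig);
	return res;
}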
Ejemplo n.º 4
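/**
 * This function extends the signature to the given publication, using the
 * KSI context \c ksi declared elsewhere in this file.
 *
 * The publication string is only parsed and compared against the signing
 * time; nothing in this function authenticates it, so the caller has to
 * obtain it from a source it trusts.
 *
 * \param[in]	sig			Initial signature; must not be NULL.
 * \param[in]	pubStr		Null-terminated c string of the publication; must not be NULL.
 * \param[out]	ext			Pointer to the receiving pointer to the extended signature; must not be NULL.
 * \return Returns KSI_OK if successful, KSI_INVALID_ARGUMENT if an argument is
 * NULL or the signature was created after the publication, otherwise the
 * status of the failing KSI call.
 */
static int extendToPublication(KSI_Signature *sig, const char *pubStr, KSI_Signature **ext) {
	int res = KSI_UNKNOWN_ERROR;

	/* Only the published data. */
	KSI_PublicationData *pubData = NULL;
	/* Published data and the references to the actual publications. */
	KSI_PublicationRecord *pubRec = NULL;

	/* Publication time. Not freed here; presumably owned by pubData - confirm. */
	KSI_Integer *pubTime = NULL;
	/* Signature signing time. Not freed here; presumably owned by sig - confirm. */
	KSI_Integer *signTime = NULL;

	/* Reject missing arguments up front; in particular a NULL pubStr must
	 * never reach the "%s" conversions in the error messages below. */
	if (sig == NULL || pubStr == NULL || ext == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Parse the publications string. */
	res = KSI_PublicationData_fromBase32(ksi, pubStr, &pubData);
	if (res != KSI_OK) {
		fprintf(stderr, "Invalid publication: '%s'\n", pubStr);
		goto cleanup;
	}

	/* Verify the publication is not older than the signature. */
	res = KSI_Signature_getSigningTime(sig, &signTime);
	if (res != KSI_OK) goto cleanup;

	res = KSI_PublicationData_getTime(pubData, &pubTime);
	if (res != KSI_OK) goto cleanup;

	if (KSI_Integer_compare(signTime, pubTime) > 0) {
		fprintf(stderr, "Signature created after publication.\n");
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Create a publication record. */
	res = KSI_PublicationRecord_new(ksi, &pubRec);
	if (res != KSI_OK) goto cleanup;

	/* Set the published data value. */
	res = KSI_PublicationRecord_setPublishedData(pubRec, pubData);
	if (res != KSI_OK) goto cleanup;

	/* The pointer will be freed by KSI_PublicationRecord_free, so clear the
	 * local copy to keep the cleanup below from freeing it a second time. */
	pubData = NULL;

	/* NB! If the user wants to store the extended signature, some publication references should
	 * be added to the publication record. As we are going to discard the signature after
	 * verification, the references are not important. */

	/* Extend the signature to the publication. */
	res = KSI_Signature_extend(sig, ksi, pubRec, ext);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to to extend the signature to the given publication: '%s'\n", pubStr);
		goto cleanup;
	}

	res = KSI_OK;

cleanup:

	/* Release whatever is still owned locally; both pointers may be NULL here. */
	KSI_PublicationData_free(pubData);
	KSI_PublicationRecord_free(pubRec);

	return res;
}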