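/**
 * Reads a multi-signature container from resource/multi_sig/test2.mksi, looks
 * up the signature for a fixed data hash, verifies it and checks that its
 * signing time is 1398866256. The assertion message suggests the container
 * holds more than one signature for this hash and the older one is expected.
 */
static void testGetOldest(CuTest *tc) {
	int res;
	KSI_MultiSignature *ms = NULL;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;
	/* Never freed in this test; presumably a reference owned by sig - confirm. */
	KSI_Integer *tm = NULL;

	res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
	CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);

	KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
	/* Fail here if the lookup key could not be built, so that a broken fixture
	 * is not reported as a container lookup failure by the next assertion. */
	CuAssert(tc, "Unable to create data hash from string.", hsh != NULL);

	res = KSI_MultiSignature_get(ms, hsh, &sig);
	CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);

	/* The extracted signature must verify on its own, outside the container. */
	res = KSI_verifySignature(ctx, sig);
	CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);

	res = KSI_Signature_getSigningTime(sig, &tm);
	CuAssert(tc, "Wrong signing time (probably returning the newer signature).", res == KSI_OK && KSI_Integer_equalsUInt(tm, 1398866256));

	KSI_Signature_free(sig);
	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
}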
/**
 * Loads the signature from TEST_SIGNATURE_FILE and checks that the signing
 * time it reports equals 1398866256.
 */
static void testSignatureSigningTime(CuTest *tc) {
	KSI_Signature *signature = NULL;
	/* Not freed in this test; presumably a reference owned by the signature - confirm. */
	KSI_Integer *timeObj = NULL;
	KSI_uint64_t seconds = 0;
	int rc;

	KSI_ERR_clearErrors(ctx);

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &signature);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && signature != NULL);

	rc = KSI_Signature_getSigningTime(signature, &timeObj);
	CuAssert(tc, "Unable to get signing time from signature", rc == KSI_OK && timeObj != NULL);

	/* Compare the numeric value rather than the KSI_Integer object. */
	seconds = KSI_Integer_getUInt64(timeObj);
	CuAssert(tc, "Unexpected signature signing time.", seconds == 1398866256);

	KSI_Signature_free(signature);
}
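/**
 * Extends a signature to the nearest publication found in the publications
 * file, passing the given policy and verification context to the extender.
 *
 * The publications file is obtained with KSI_receivePublicationsFile(). It is
 * checked with KSI_verifyPublicationsFile() only when the context had no
 * publications file attached on entry.
 * NOTE(review): a publications file that is already attached to ctx is used
 * without being verified here; presumably it was verified when it was
 * attached - confirm, since the publication record selected from it is what
 * the signature gets extended to.
 *
 * \param[in]	ctx			KSI context; must not be NULL.
 * \param[in]	sig			Signature to extend; must not be NULL.
 * \param[in]	policy		Passed unchanged to KSI_Signature_extendWithPolicy().
 * \param[in]	context		Passed unchanged to KSI_Signature_extendWithPolicy().
 * \param[out]	extended	Receives the extended signature on success; must
 * 							not be NULL. Not written on failure.
 * \return KSI_OK on success, KSI_INVALID_ARGUMENT when ctx, sig or extended is
 * NULL, KSI_EXTEND_NO_SUITABLE_PUBLICATION when no publication record is
 * returned for the signing time, otherwise the error code of the failing call.
 */
int KSI_extendSignatureWithPolicy(KSI_CTX *ctx, KSI_Signature *sig, const KSI_Policy *policy, KSI_VerificationContext *context, KSI_Signature **extended) {
	int res = KSI_UNKNOWN_ERROR;
	KSI_PublicationsFile *pubFile = NULL;
	KSI_Integer *signingTime = NULL;
	KSI_PublicationRecord *pubRec = NULL;
	KSI_Signature *extSig = NULL;
	bool verifyPubFile = false;

	KSI_ERR_clearErrors(ctx);
	if (ctx == NULL || sig == NULL || extended == NULL) {
		KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
		goto cleanup;
	}

	/* Read the context only after the NULL check above. Dereferencing ctx in
	 * the initializer made a NULL ctx undefined behaviour and allowed the
	 * compiler to drop the check. The value must still be sampled before the
	 * publications file is received. */
	verifyPubFile = (ctx->publicationsFile == NULL);

	res = KSI_receivePublicationsFile(ctx, &pubFile);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	if (verifyPubFile) {
		res = KSI_verifyPublicationsFile(ctx, pubFile);
		if (res != KSI_OK) {
			KSI_pushError(ctx, res, NULL);
			goto cleanup;
		}
	}

	res = KSI_Signature_getSigningTime(sig, &signingTime);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	res = KSI_PublicationsFile_getNearestPublication(pubFile, signingTime, &pubRec);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* A successful lookup may still yield no record. */
	if (pubRec == NULL) {
		KSI_pushError(ctx, res = KSI_EXTEND_NO_SUITABLE_PUBLICATION, NULL);
		goto cleanup;
	}

	res = KSI_Signature_extendWithPolicy(sig, ctx, pubRec, policy, context, &extSig);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* Hand the result to the caller and clear the local pointer so that the
	 * cleanup below does not free it. */
	*extended = extSig;
	extSig = NULL;

cleanup:

	KSI_PublicationRecord_free(pubRec);
	KSI_PublicationsFile_free(pubFile);
	KSI_Signature_free(extSig);

	return res;
}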
/**
 * Extends a signature to the publication given as a publication string.
 *
 * NOTE(review): the publication string is parsed and used as supplied; nothing
 * in this function checks it against a trusted source. Presumably the caller
 * verifies the extended signature afterwards - confirm.
 *
 * \param[in]	sig		Initial signature.
 * \param[in]	pubStr	Null-terminated C string holding the publication.
 * \param[out]	ext		Pointer to the receiving pointer of the extended signature.
 * \return KSI_OK on success, KSI_INVALID_ARGUMENT when the signature was
 * created after the publication, otherwise the error code of the failing call.
 */
static int extendToPublication(KSI_Signature *sig, const char *pubStr, KSI_Signature **ext) {
	int res = KSI_UNKNOWN_ERROR;
	/* The published data on its own, parsed from the string. */
	KSI_PublicationData *publishedData = NULL;
	/* Published data wrapped in a record, which can also carry references. */
	KSI_PublicationRecord *record = NULL;
	/* Times used for the ordering check; neither is freed in this function. */
	KSI_Integer *publicationTime = NULL;
	KSI_Integer *signingTime = NULL;

	/* Decode the publication string. */
	res = KSI_PublicationData_fromBase32(ksi, pubStr, &publishedData);
	if (res != KSI_OK) {
		fprintf(stderr, "Invalid publication: '%s'\n", pubStr);
		goto cleanup;
	}

	/* Reject a publication that predates the signature. */
	res = KSI_Signature_getSigningTime(sig, &signingTime);
	if (res != KSI_OK) {
		goto cleanup;
	}

	res = KSI_PublicationData_getTime(publishedData, &publicationTime);
	if (res != KSI_OK) {
		goto cleanup;
	}

	if (KSI_Integer_compare(signingTime, publicationTime) > 0) {
		fprintf(stderr, "Signature created after publication.\n");
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Build the publication record that the signature is extended to. */
	res = KSI_PublicationRecord_new(ksi, &record);
	if (res != KSI_OK) {
		goto cleanup;
	}

	res = KSI_PublicationRecord_setPublishedData(record, publishedData);
	if (res != KSI_OK) {
		goto cleanup;
	}

	/* The record owns the published data from here on and frees it in
	 * KSI_PublicationRecord_free; clear the local pointer to avoid a double free. */
	publishedData = NULL;

	/* NB! A caller that wants to store the extended signature should add
	 * publication references to the record. They are left out here because
	 * the signature is discarded after verification. */

	/* Extend the signature to the publication. On success res is already
	 * KSI_OK, so control simply falls through to the cleanup. */
	res = KSI_Signature_extend(sig, ksi, record, ext);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to to extend the signature to the given publication: '%s'\n", pubStr);
	}

cleanup:

	/* Release whatever is still owned locally. */
	KSI_PublicationData_free(publishedData);
	KSI_PublicationRecord_free(record);

	return res;
}