static void testSerializeSignature(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; unsigned char *out = NULL; unsigned out_len = 0; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); res = KSI_Signature_serialize(sig, &out, &out_len); CuAssert(tc, "Failed to serialize signature", res == KSI_OK); CuAssert(tc, "Serialized signature length mismatch", in_len == out_len); CuAssert(tc, "Serialized signature content mismatch", !memcmp(in, out, in_len)); KSI_free(out); KSI_Signature_free(sig); }
static void testReset(CuTest *tc) { #define TEST_AGGR_RESPONSE_FILE "resource/tlv/ok-sig-2014-07-01.1-aggr_response.tlv" int res = KSI_UNKNOWN_ERROR; KSI_BlockSigner *bs = NULL; KSI_DataHash *hsh = NULL; KSI_BlockSignerHandle *h = NULL; KSI_Signature *sig = NULL; unsigned char *raw = NULL; size_t len = 0; res = KSI_CTX_setAggregator(ctx, getFullResourcePathUri(TEST_AGGR_RESPONSE_FILE), TEST_USER, TEST_PASS); CuAssert(tc, "Unable to set aggregator file URI.", res == KSI_OK); res = KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh); CuAssert(tc, "Unable to create data hash.", res == KSI_OK && hsh != NULL); res = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA1, NULL, NULL, &bs); CuAssert(tc, "Unable to create block signer instance.", res == KSI_OK && bs != NULL); /* Add the temporary leafs. */ res = KSI_BlockSigner_addLeaf(bs, hsh, 0, NULL, NULL); CuAssert(tc, "Unable to add 1st mock hash to the blocksigner.", res == KSI_OK); res = KSI_BlockSigner_addLeaf(bs, hsh, 0, NULL, NULL); CuAssert(tc, "Unable to add 2nd hash to the blocksigner.", res == KSI_OK); res = KSI_BlockSigner_addLeaf(bs, hsh, 0, NULL, NULL); CuAssert(tc, "Unable to add 3rd hash to the blocksigner.", res == KSI_OK); res = KSI_BlockSigner_reset(bs); CuAssert(tc, "Unable to reset the block signer.", res == KSI_OK); res = KSI_BlockSigner_addLeaf(bs, hsh, 0, NULL, &h); CuAssert(tc, "Unable to add actual hash to the blocksigner.", res == KSI_OK && h != NULL); res = KSI_BlockSigner_close(bs, NULL); CuAssert(tc, "Unable to close blocksigner.", res == KSI_OK); res = KSI_BlockSignerHandle_getSignature(h, &sig); CuAssert(tc, "Unable to extract signature from the blocksigner.", res == KSI_OK && sig != NULL); res = KSI_Signature_serialize(sig, &raw, &len); CuAssert(tc, "Unable to serialize signature.", res == KSI_OK && raw != NULL && len > 0); KSI_LOG_logBlob(ctx, KSI_LOG_DEBUG, "Serialized single signature from block signer.", raw, len); KSI_BlockSignerHandle_free(h); KSI_Signature_free(sig); KSI_BlockSigner_free(bs); KSI_DataHash_free(hsh); KSI_free(raw); #undef TEST_AGGR_RESPONSE_FILE }
int main(int argc, char **argv) { KSI_CTX *ksi = NULL; int res; FILE *out = NULL; KSI_Signature *sig = NULL; KSI_Signature *ext = NULL; KSI_HttpClient *net = NULL; unsigned char *raw = NULL; unsigned raw_len; unsigned count; FILE *logFile = NULL; if (argc != 5) { printf("Usage:\n" " %s <signature> <extended> <extender uri> <pub-file uri| ->\n", argv[0]); res = KSI_INVALID_ARGUMENT; goto cleanup; } /* Init KSI context */ res = KSI_CTX_new(&ksi); if (res != KSI_OK) { fprintf(stderr, "Unable to init KSI context.\n"); goto cleanup; } logFile = fopen("ksi_extend.log", "w"); if (logFile == NULL) { fprintf(stderr, "Unable to open log file.\n"); } KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile); KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG); KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion()); res = KSI_HttpClient_new(ksi, &net); if (res != KSI_OK) { fprintf(stderr, "Unable to create new network provider.\n"); goto cleanup; } res = KSI_HttpClient_setExtender(net, argv[3], "anon", "anon"); if (res != KSI_OK) goto cleanup; if (strcmp(argv[4], "-")) { res = KSI_HttpClient_setPublicationUrl(net, argv[4]); if (res != KSI_OK) goto cleanup; } res = KSI_CTX_setNetworkProvider(ksi, (KSI_NetworkClient *)net); if (res != KSI_OK) { fprintf(stderr, "Unable to set new network provider.\n"); goto cleanup; } /* Read the signature. */ res = KSI_Signature_fromFile(ksi, argv[1], &sig); if (res != KSI_OK) { KSI_ERR_statusDump(ksi, stdout); fprintf(stderr, "Unable to read signature from '%s'\n", argv[1]); goto cleanup; } /* Make sure the signature is ok. */ res = KSI_verifySignature(ksi, sig); if (res != KSI_OK) { fprintf(stderr, "Unable to verify signature.\n"); KSI_ERR_statusDump(ksi, stderr); goto cleanup; } /* Extend the signature. */ res = KSI_extendSignature(ksi, sig, &ext); if (res != KSI_OK) { if (res == KSI_EXTEND_NO_SUITABLE_PUBLICATION) { printf("No suitable publication to extend to.\n"); goto cleanup; } fprintf(stderr, "Unable to extend signature.\n"); KSI_ERR_statusDump(ksi, stderr); goto cleanup; } /* To be extra sure, lets verify the extended signature. */ res = KSI_verifySignature(ksi, ext); if (res != KSI_OK) { fprintf(stderr, "Unable to verify the extended signature.\n"); KSI_ERR_statusDump(ksi, stderr); goto cleanup; } /* Serialize the extended signature. */ res = KSI_Signature_serialize(ext, &raw, &raw_len); if (res != KSI_OK) { fprintf(stderr, "Unable to serialize extended signature.\n"); goto cleanup; } /* Open output file. */ out = fopen(argv[2], "wb"); if (out == NULL) { fprintf(stderr, "Unable to open output file '%s'\n", argv[2]); res = KSI_IO_ERROR; goto cleanup; } count = (unsigned)fwrite(raw, 1, raw_len, out); if (count != raw_len) { fprintf(stderr, "Failed to write output file.\n"); res = KSI_IO_ERROR; goto cleanup; } printf("Signature extended."); cleanup: if (logFile != NULL) fclose(logFile); if (out != NULL) fclose(out); KSI_Signature_free(sig); KSI_Signature_free(ext); KSI_free(raw); KSI_CTX_free(ksi); return res; }
int main(int argc, char **argv) { KSI_CTX *ksi = NULL; int res = KSI_UNKNOWN_ERROR; FILE *in = NULL; FILE *out = NULL; KSI_DataHasher *hsr = NULL; KSI_DataHash *hsh = NULL; KSI_Signature *sign = NULL; unsigned char *raw = NULL; unsigned raw_len; unsigned char buf[1024]; unsigned buf_len; char *signerIdentity = NULL; FILE *logFile = NULL; /* Handle command line parameters */ /* Handle command line parameters */ if (argc != 7) { fprintf(stderr, "Usage:\n" " %s <in-data-file> <out-sign-file> <aggregator-uri> <user> <pass> <pub-file url | -> \n", argv[0]); res = KSI_INVALID_ARGUMENT; goto cleanup; } /* Input file */ in = fopen(argv[1], "rb"); if (in == NULL) { fprintf(stderr, "Unable to open input file '%s'\n", argv[1]); res = KSI_IO_ERROR; goto cleanup; } /* Create new KSI context for this thread. */ res = KSI_CTX_new(&ksi); if (res != KSI_OK) { fprintf(stderr, "Unable to create context.\n"); goto cleanup; } logFile = fopen("ksi_sign.log", "w"); if (logFile == NULL) { fprintf(stderr, "Unable to open log file.\n"); } KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile); KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG); KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion()); res = KSI_CTX_setAggregator(ksi, argv[3], argv[4], argv[5]); if (res != KSI_OK) goto cleanup; /* Check publications file url. */ if (strncmp("-", argv[6], 1)) { res = KSI_CTX_setPublicationUrl(ksi, argv[6]); if (res != KSI_OK) { fprintf(stderr, "Unable to set publications file url.\n"); goto cleanup; } } /* Create a data hasher using default algorithm. */ res = KSI_DataHasher_open(ksi, KSI_getHashAlgorithmByName("default"), &hsr); if (res != KSI_OK) { fprintf(stderr, "Unable to create hasher.\n"); goto cleanup; } /* Read the input file and calculate the hash of its contents. */ while (!feof(in)) { buf_len = (unsigned)fread(buf, 1, sizeof(buf), in); /* Add next block to the calculation. */ res = KSI_DataHasher_add(hsr, buf, buf_len); if (res != KSI_OK) { fprintf(stderr, "Unable to add data to hasher.\n"); goto cleanup; } } /* Close the data hasher and retreive the data hash. */ res = KSI_DataHasher_close(hsr, &hsh); if (res != KSI_OK) { fprintf(stderr, "Unable to create hash.\n"); goto cleanup; } /* Sign the data hash. */ res = KSI_createSignature(ksi, hsh, &sign); if (res != KSI_OK) { fprintf(stderr, "Unable to sign %d.\n", res); goto cleanup; } res = KSI_Signature_verify(sign, ksi); if (res != KSI_OK) { fprintf(stderr, "Failed to verify signature.\n"); goto cleanup; } /* Output the signer id */ res = KSI_Signature_getSignerIdentity(sign, &signerIdentity); if (res == KSI_OK) { printf("Signer id: %s\n", signerIdentity); } else { fprintf(stderr, "Unable to extract signer identity.\n"); } /* Serialize the signature. */ res = KSI_Signature_serialize(sign, &raw, &raw_len); if (res != KSI_OK) { fprintf(stderr, "Unable to serialize signature."); goto cleanup; } /* Output file */ out = fopen(argv[2], "wb"); if (out == NULL) { fprintf(stderr, "Unable to open input file '%s'\n", argv[2]); res = KSI_IO_ERROR; goto cleanup; } /* Write the signature file. */ if (!fwrite(raw, 1, raw_len, out)) { fprintf(stderr, "Unable to write output file.\n"); res = KSI_IO_ERROR; goto cleanup; } /* Only print message when signature output is not stdout. */ if (out != NULL) { printf("Signature saved.\n"); } res = KSI_OK; cleanup: if (logFile != NULL) fclose(logFile); if (res != KSI_OK && ksi != NULL) { KSI_ERR_statusDump(ksi, stderr); } if (in != NULL) fclose(in); if (out != NULL) fclose(out); KSI_free(signerIdentity); KSI_Signature_free(sign); KSI_DataHash_free(hsh); KSI_DataHasher_free(hsr); KSI_free(raw); KSI_CTX_free(ksi); return res; }