static void testVerifyPublicationsFile(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_PKITruststore *pki = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PKITruststore_new(ctx, 0, &pki); CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL); res = KSI_CTX_setPKITruststore(ctx, pki); CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK); /* Verification should fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file shouldn't verify without mock certificate.", res != KSI_OK); /* Verification should succeed. */ res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt")); CuAssert(tc, "Unable to read certificate", res == KSI_OK); res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file should verify with mock certificate.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
static void testVerifyCalendarChainAlgoChange(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath("resource/tlv/cal_algo_switch.ksig"), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/cal_algo_switch-extend_resposne.tlv")); ctx->requestCounter = 0; res = KSI_Signature_verifyOnline(sig, ctx); CuAssert(tc, "Failed to verify valid document", res == KSI_OK); KSI_Signature_free(sig); }
static void TestRdrFileFileReading(CuTest* tc) { int res; unsigned char tmpBuf[0xffff]; size_t readCount; static char testStr[] = "Randomness is too important to be left to chance"; FILE *f = NULL; KSI_RDR *rdr = NULL; /* Write some data to file */ f = fopen(getFullResourcePath(TMP_FILE) , "w"); CuAssert(tc, "Unable to create temporary file", f != NULL); CuAssert(tc, "Unable to write temporary file", fprintf(f, "%s", testStr) > 0); CuAssert(tc, "Unable to close temporary file", !fclose(f)); f = fopen(getFullResourcePath(TMP_FILE), "rb"); /* Try reading it back. */ res = KSI_RDR_fromStream(ctx, f, &rdr); CuAssert(tc, "Error creating reader from file.", res == KSI_OK); CuAssert(tc, "Creating reader from file did not fail, but object is still NULL", rdr != NULL); /* Read as a single block. */ KSI_RDR_read_ex(rdr, tmpBuf, sizeof(tmpBuf), &readCount); CuAssert(tc, "Wrong length read", readCount == strlen(testStr)); CuAssert(tc, "Reader is not at EOF", rdr->eof); fclose(f); KSI_RDR_close(rdr); /* Remove temporary file */ CuAssert(tc, "Unable to remove temporary file", remove(getFullResourcePath(TMP_FILE)) == 0); }
static void testSerializePublicationsFile(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; char *raw = NULL; unsigned raw_len = 0; FILE *f = NULL; int symbol = 0; unsigned i= 0; KSI_ERR_clearErrors(ctx); setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE)); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PublicationsFile_serialize(ctx, pubFile, &raw, &raw_len); CuAssert(tc, "Unable to serialize publications file", res == KSI_OK && raw != NULL && raw_len != 0); f = fopen(getFullResourcePath(TEST_PUBLICATIONS_FILE), "rb"); CuAssert(tc, "Unable to open publications file", res == KSI_OK && f != NULL); while ((symbol = getc(f)) != EOF && i<raw_len){ CuAssert(tc, "Serialized publications file mismatch", (char)symbol == raw[i]); i++; } CuAssert(tc, "Serialized publications file length mismatch", i == raw_len); KSI_PublicationsFile_free(pubFile); KSI_free(raw); if (f) fclose(f); }
static void aggregationPduVer2Test(CuTest *tc) { ctx->flags[KSI_CTX_FLAG_AGGR_PDU_VER] = KSI_PDU_VERSION_2; testObjectSerialization(tc, getFullResourcePath("resource/tlv/aggr_request_v2.tlv"), (int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_AggregationPdu_parse, (int (*)(void *, unsigned char **, size_t *))KSI_AggregationPdu_serialize, ( void (*)(void *))KSI_AggregationPdu_free); testObjectSerialization(tc, getFullResourcePath("resource/tlv/aggr_response_v2.tlv"), (int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_AggregationPdu_parse, (int (*)(void *, unsigned char **, size_t *))KSI_AggregationPdu_serialize, ( void (*)(void *))KSI_AggregationPdu_free); ctx->flags[KSI_CTX_FLAG_AGGR_PDU_VER] = KSI_AGGREGATION_PDU_VERSION; }
static void extendPduVer2Test(CuTest *tc) { ctx->flags[KSI_CTX_FLAG_EXT_PDU_VER] = KSI_PDU_VERSION_2; testObjectSerialization(tc, getFullResourcePath("resource/tlv/extend_request_v2.tlv"), (int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_ExtendPdu_parse, (int (*)(void *, unsigned char **, size_t *))KSI_ExtendPdu_serialize, ( void (*)(void *))KSI_ExtendPdu_free); testObjectSerialization(tc, getFullResourcePath("resource/tlv/extend_response_v2.tlv"), (int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_ExtendPdu_parse, (int (*)(void *, unsigned char **, size_t *))KSI_ExtendPdu_serialize, ( void (*)(void *))KSI_ExtendPdu_free); ctx->flags[KSI_CTX_FLAG_EXT_PDU_VER] = KSI_EXTENDING_PDU_VERSION; }
static void testOnlyStrongestProofReturned(CuTest* tc) { int res; KSI_Signature *sig1 = NULL; KSI_Signature *sig2 = NULL; KSI_Signature *sig3 = NULL; KSI_MultiSignature *ms = NULL; KSI_DataHash *hsh = NULL; KSI_PublicationRecord *publication = NULL; KSI_CalendarAuthRec *calAuth = NULL; KSI_ERR_clearErrors(ctx); res = KSI_MultiSignature_new(ctx, &ms); CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL); res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig1); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig1 != NULL); res = KSI_MultiSignature_add(ms, sig1); CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK); res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_EX_SIGNATURE_FILE), &sig2); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig2 != NULL); res = KSI_MultiSignature_add(ms, sig2); CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK); res = KSI_Signature_getDocumentHash(sig1, &hsh); CuAssert(tc, "Unable to get signed hash value.", res == KSI_OK && hsh != NULL); res = KSI_MultiSignature_get(ms, hsh, &sig3); CuAssert(tc, "Unable to extract signature from multi signature container.", res == KSI_OK && sig3 != NULL); res = KSI_verifySignature(ctx, sig3); CuAssert(tc, "Unable to verify extracted signature.", res == KSI_OK); /* Verify the signature has a publication attached to it. */ res = KSI_Signature_getPublicationRecord(sig3, &publication); CuAssert(tc, "Publication must be present", res == KSI_OK && publication != NULL); /* Verify the signature does not contain a calendar authentication record. */ res = KSI_Signature_getCalendarAuthRec(sig3, &calAuth); CuAssert(tc, "Signature may not have a calendar auth record and a publication.", res == KSI_OK && calAuth == NULL); KSI_MultiSignature_free(ms); KSI_Signature_free(sig1); KSI_Signature_free(sig2); KSI_Signature_free(sig3); }
static void testLoadPublicationsFile(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_ERR_clearErrors(ctx); setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE)); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); KSI_PublicationsFile_free(pubFile); }
static void testVerifySignatureWithUserPublication(CuTest *tc) { int res; KSI_Signature *sig = NULL; const char pubStr[] = "AAAAAA-CTOQBY-AAMJYH-XZPM6T-UO6U6V-2WJMHQ-EJMVXR-JEAGID-2OY7P5-XFFKYI-QIF2LG-YOV7SO"; const char pubStr_bad[] = "AAAAAA-CT5VGY-AAPUCF-L3EKCC-NRSX56-AXIDFL-VZJQK4-WDCPOE-3KIWGB-XGPPM3-O5BIMW-REOVR4"; KSI_PublicationData *pubData = NULL; KSI_PublicationData *pubData_bad = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationData_fromBase32(ctx, pubStr, &pubData); CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData != NULL); res = KSI_PublicationData_fromBase32(ctx, pubStr_bad, &pubData_bad); CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData_bad != NULL); res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extended.ksig"), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); res = KSI_Signature_verifyWithPublication(sig, ctx, pubData); CuAssert(tc, "Unable to verify signature with publication.", res == KSI_OK); res = KSI_Signature_verifyWithPublication(sig, ctx, pubData_bad); CuAssert(tc, "Unable to verify signature with publication.", res != KSI_OK); KSI_PublicationData_free(pubData); KSI_PublicationData_free(pubData_bad); KSI_Signature_free(sig); }
static void testVerifyDocument(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; char doc[] = "LAPTOP"; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); res = KSI_Signature_verifyDocument(sig, ctx, doc, strlen(doc)); CuAssert(tc, "Failed to verify valid document", res == KSI_OK); res = KSI_Signature_verifyDocument(sig, ctx, doc, sizeof(doc)); CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE); KSI_Signature_free(sig); }
static void testSerializeSignature(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; unsigned char *out = NULL; unsigned out_len = 0; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); res = KSI_Signature_serialize(sig, &out, &out_len); CuAssert(tc, "Failed to serialize signature", res == KSI_OK); CuAssert(tc, "Serialized signature length mismatch", in_len == out_len); CuAssert(tc, "Serialized signature content mismatch", !memcmp(in, out, in_len)); KSI_free(out); KSI_Signature_free(sig); }
static void testErrorMessage(CuTest* tc, const char *expected, const char *tlv_file, int (*obj_new)(KSI_CTX *ctx, void **), void (*obj_free)(void*), const KSI_TlvTemplate *tmplete) { int res; void *obj = NULL; char buf[1024]; size_t len; FILE *f = NULL; KSI_FTLV ftlv; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(tlv_file), "rb"); CuAssert(tc, "Failed to open file.", f != NULL); res = KSI_FTLV_fileRead(f, (unsigned char *)buf, sizeof(buf), &len, &ftlv); CuAssert(tc, "Failed read from file.", res == KSI_OK); res = obj_new(ctx, &obj); CuAssert(tc, "Unable create new obj.", res == KSI_OK); res = KSI_TlvTemplate_parse(ctx, (unsigned char *)buf, (unsigned)len, tmplete, obj); CuAssert(tc, "Parsing invalid obj must fail.", res != KSI_OK); res = KSI_ERR_getBaseErrorMessage(ctx, buf, sizeof(buf), NULL, NULL); CuAssert(tc, "Unable to get base error message.", res == KSI_OK); CuAssert(tc, "Wrong error message.", strcmp(buf, expected) == 0); if (f != NULL) fclose(f); obj_free(obj); }
static void Test_ExtendSignatureUsingAggregator(CuTest* tc) { int res = KSI_UNKNOWN_ERROR; KSI_Signature *sig = NULL; KSI_Signature *ext = NULL; KSI_CTX *ctx = NULL; /* Create the context. */ res = KSI_CTX_new(&ctx); CuAssert(tc, "Unable to create ctx.", res == KSI_OK && ctx != NULL); res = KSI_CTX_setPublicationUrl(ctx, conf.publications_file_url); CuAssert(tc, "Unable to set publications file url.", res == KSI_OK); res = KSI_CTX_setExtender(ctx, conf.aggregator_url, conf.aggregator_user, conf.aggregator_pass); CuAssert(tc, "Unable to set configure aggregator as extender.", res == KSI_OK); res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &sig); CuAssert(tc, "Unable to set read signature from file.", res == KSI_OK && sig != NULL); res = KSI_Signature_extend(sig, ctx, NULL, &ext); CuAssert(tc, "The extending of signature must fail.", ext == NULL); CuAssert(tc, "Invalid KSI status code for mixed up request.", res == KSI_HTTP_ERROR); CuAssert(tc, "External error (HTTP) must be 400.", ctx_get_base_external_error(ctx) == 400); KSI_Signature_free(sig); KSI_Signature_free(ext); KSI_CTX_free(ctx); return; }
static void testExtend(CuTest *tc) { int res; KSI_MultiSignature *ms = NULL; KSI_DataHash *hsh = NULL; KSI_Signature *sig = NULL; KSI_PublicationRecord *pubRec = NULL; res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms); CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL); res = KSI_CTX_setExtender(ctx, getFullResourcePathUri("resource/multi_sig/test2-extend_response-multiple.tlv"), "anon", "anon"); CuAssert(tc, "Unable to set extender response from file", res == KSI_OK); res = KSI_MultiSignature_extend(ms); CuAssert(tc, "Unable to perform multi signature container extension.", res == KSI_OK); KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh); res = KSI_MultiSignature_get(ms, hsh, &sig); CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL); res = KSI_verifySignature(ctx, sig); CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK); res = KSI_Signature_getPublicationRecord(sig, &pubRec); CuAssert(tc, "Signature should be extended.", res == KSI_OK && pubRec != NULL); KSI_Signature_free(sig); KSI_DataHash_free(hsh); KSI_MultiSignature_free(ms); }
static void testGetLatestPublicationOfLast(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_PublicationRecord *pubRec = NULL; KSI_Integer *tm = NULL; KSI_PublicationData *pubDat = NULL; KSI_Integer *pubTm = NULL; res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_Integer_new(ctx, 1405382400, &tm); CuAssert(tc, "Unable to create integer", res == KSI_OK && tm != NULL); res = KSI_PublicationsFile_getLatestPublication(pubFile, tm, &pubRec); CuAssert(tc, "Unable to find nearest publication", res == KSI_OK && pubRec != NULL); res = KSI_PublicationRecord_getPublishedData(pubRec, &pubDat); CuAssert(tc, "Unable to get published data", res == KSI_OK && pubDat != NULL); res = KSI_PublicationData_getTime(pubDat, &pubTm); CuAssert(tc, "Unable to get publication time", res == KSI_OK && pubTm != NULL); CuAssert(tc, "Unexpected publication time (this test might fail, if you have recently updated the publications file in the tests)", KSI_Integer_equalsUInt(pubTm, 1405382400)); KSI_PublicationsFile_free(pubFile); KSI_Integer_free(tm); }
static void testGetOldest(CuTest *tc) { int res; KSI_MultiSignature *ms = NULL; KSI_DataHash *hsh = NULL; KSI_Signature *sig = NULL; KSI_Integer *tm = NULL; res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms); CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL); KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh); res = KSI_MultiSignature_get(ms, hsh, &sig); CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL); res = KSI_verifySignature(ctx, sig); CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK); res = KSI_Signature_getSigningTime(sig, &tm); CuAssert(tc, "Wrong signing time (probably returning the newer signature).", res == KSI_OK && KSI_Integer_equalsUInt(tm, 1398866256)); KSI_Signature_free(sig); KSI_DataHash_free(hsh); KSI_MultiSignature_free(ms); }
static void testgetUsedHashAlgorithmsFromSingleLegacy(CuTest *tc) { int res; KSI_MultiSignature *ms = NULL; KSI_Signature *sig = NULL; KSI_HashAlgorithm *arr = NULL; size_t arr_len; res = KSI_MultiSignature_new(ctx, &ms); CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL); res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-legacy-sig-2014-06.gtts.ksig"), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); res = KSI_MultiSignature_add(ms, sig); CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK); KSI_Signature_free(sig); res = KSI_MultiSignature_getUsedHashAlgorithms(ms, &arr, &arr_len); CuAssert(tc, "Function should be successful", res == KSI_OK); CuAssert(tc, "Unexpected number of hash algorithms", arr_len == 1); CuAssert(tc, "If there are used algorithms, the output pointer should not be NULL", arr != NULL); CuAssert(tc, "Unexpected hash algorithm", arr[0] == KSI_HASHALG_SHA2_256); KSI_MultiSignature_free(ms); KSI_free(arr); }
static void testExtractingNotExisting(CuTest* tc) { int res; KSI_Signature *sig = NULL; KSI_MultiSignature *ms = NULL; KSI_DataHash *hsh = NULL; KSI_ERR_clearErrors(ctx); res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); res = KSI_MultiSignature_new(ctx, &ms); CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL); res = KSI_MultiSignature_add(ms, sig); CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK); KSI_Signature_free(sig); sig = NULL; KSITest_DataHash_fromStr(ctx, "01db27c0db0aebb8d3963c3a720985cedb600f91854cdb1e45ad631611c39284dd", &hsh); res = KSI_MultiSignature_get(ms, hsh, &sig); CuAssert(tc, "Get should fail with KSI_MULTISIG_NOT_FOUND", res == KSI_MULTISIG_NOT_FOUND && sig == NULL); KSI_DataHash_free(hsh); KSI_MultiSignature_free(ms); KSI_Signature_free(sig); }
static void testGetNearestPublicationWithPubTime(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_PublicationRecord *pubRec = NULL; KSI_Integer *tm = NULL; KSI_PublicationData *pubDat = NULL; KSI_Integer *pubTm = NULL; res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); /* With time set to 0, the result should be the first publication record in the publications file. */ res = KSI_Integer_new(ctx, 1208217600, &tm); CuAssert(tc, "Unable to create integer", res == KSI_OK && tm != NULL); res = KSI_PublicationsFile_getNearestPublication(pubFile, tm, &pubRec); CuAssert(tc, "Unable to find nearest publication", res == KSI_OK && pubRec != NULL); res = KSI_PublicationRecord_getPublishedData(pubRec, &pubDat); CuAssert(tc, "Unable to get published data", res == KSI_OK && pubDat != NULL); res = KSI_PublicationData_getTime(pubDat, &pubTm); CuAssert(tc, "Unable to get publication time", res == KSI_OK && pubTm != NULL); CuAssert(tc, "Unexpected publication time", KSI_Integer_equalsUInt(pubTm, 1208217600)); KSI_PublicationRecord_free(pubRec); KSI_PublicationsFile_free(pubFile); KSI_Integer_free(tm); }
static void testVerifyPublicationsFileWithAttributeNotPresent(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_CertConstraint arr[] = { {NULL, NULL}, {NULL, NULL} }; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); arr[0].oid = "2.5.4.9"; arr[0].val = "Local pub"; res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to delete OID 2.5.4.9", res == KSI_OK); /* Verification should fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file must verify with address.", res != KSI_OK); arr[0].oid = KSI_CERT_EMAIL; arr[0].val = "*****@*****.**"; res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to set OID 2.5.4.9 back to normal", res == KSI_OK); /* Verification should not fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file must verify.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
static void testLoadPublicationsFileWithNoCerts(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_LIST(KSI_CertificateRecord) *certList = NULL; KSI_PKICertificate *cert = NULL; unsigned char dummy[] = {0xca, 0xfe, 0xba, 0xbe}; KSI_OctetString *certId = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath("resource/publications/publications-nocerts.bin"), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PublicationsFile_getCertificates(pubFile, &certList); CuAssert(tc, "Unable to get certificate list", res == KSI_OK); CuAssert(tc, "Unexpected certificate list length.", KSI_CertificateRecordList_length(certList) == 0); res = KSI_OctetString_new(ctx, dummy, sizeof(dummy), &certId); CuAssert(tc, "Creating an octetstring failed", res == KSI_OK && certId != NULL); res = KSI_PublicationsFile_getPKICertificateById(pubFile, certId, &cert); CuAssert(tc, "Searching for a non existend certificate failed", res == KSI_OK && cert == NULL); KSI_OctetString_free(certId); KSI_PublicationsFile_free(pubFile); }
static void testVerifyPublicationsFileWithNoConstraints(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_CertConstraint arr[] = { {NULL, NULL}, {NULL, NULL} }; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to delete OID 1.2.840.113549.1.9.1", res == KSI_OK); /* Verification should not fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file may not verify with no constraints.", res == KSI_PUBFILE_VERIFICATION_NOT_CONFIGURED); arr[0].oid = KSI_CERT_EMAIL; arr[0].val = "*****@*****.**"; res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to set OID 1.2.840.113549.1.9.1 back to normal", res == KSI_OK); /* Verification should not fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file must verify with e-mail.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
static void testVerifyDocumentHash(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; char doc[] = "LAPTOP"; KSI_DataHash *hsh = NULL; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); /* Chech correct document. */ res = KSI_DataHash_create(ctx, doc, strlen(doc), KSI_HASHALG_SHA2_256, &hsh); CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL); res = KSI_Signature_verifyDataHash(sig, ctx, hsh); CuAssert(tc, "Failed to verify valid document", res == KSI_OK); KSI_DataHash_free(hsh); hsh = NULL; /* Chech wrong document. */ res = KSI_DataHash_create(ctx, doc, sizeof(doc), KSI_HASHALG_SHA2_256, &hsh); CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL); res = KSI_Signature_verifyDataHash(sig, ctx, hsh); CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE); KSI_DataHash_free(hsh); hsh = NULL; /* Check correct document with wrong hash algorithm. */ res = KSI_DataHash_create(ctx, doc, strlen(doc), KSI_HASHALG_SHA2_512, &hsh); CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL); res = KSI_Signature_verifyDataHash(sig, ctx, hsh); CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE); KSI_DataHash_free(hsh); KSI_Signature_free(sig); }
static void testSignatureWith2Anchors(CuTest *tc) { KSI_Signature *sig = NULL; int res; res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/nok-sig-two-anchors.tlv"), &sig); CuAssert(tc, "Reading a signature with more than one trust anchor should result in format error.", res == KSI_INVALID_FORMAT && sig == NULL); KSI_Signature_free(sig); }
static void testVerifySignatureNew(CuTest *tc) { int res; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); /* Set the extend response. */ KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extend_response.tlv")); res = KSI_verifySignature(ctx, sig); CuAssert(tc, "Unable to verify signature online.", res == KSI_OK); KSI_Signature_free(sig); }
static void testVerifySignatureExtendedToHead(CuTest *tc) { int res; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-head.ksig"), &sig); CuAssert(tc, "Signature should have either a calendar auth record or publication", res == KSI_OK && sig != NULL); /* Set the extend response. */ KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-head-extend_response.tlv")); ctx->requestCounter = 0; res = KSI_Signature_verifyOnline(sig, ctx); CuAssert(tc, "Signature should verify", res == KSI_OK); KSI_Signature_free(sig); }
static void testVerifyPublicationsFileAdditionalPublications(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TAMPERED_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "This publications file does not follow the correct format.", res != KSI_OK && pubFile == NULL); KSI_PublicationsFile_free(pubFile); }
static void testLoadSignatureFromFile(CuTest *tc) { int res; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); KSI_Signature_free(sig); }
static void TestClone(CuTest *tc) { int res; KSI_TLV *tlv = NULL; KSI_TLV *clone = NULL; unsigned char in[0xffff + 4]; unsigned char out1[0xffff + 4]; char errstr[1024]; size_t out_len; size_t in_len; FILE *f = NULL; int i = 0; KSI_ERR_clearErrors(ctx); while (ok_sample[i] != NULL) { f = fopen(getFullResourcePath(ok_sample[i]), "rb"); CuAssert(tc, "Unable to open test file.", f != NULL); in_len = (unsigned) fread(in, 1, sizeof(in), f); fclose(f); f = NULL; res = KSI_TLV_parseBlob2(ctx, in, in_len, 0, &tlv); CuAssert(tc, "Unable to parse TLV.", res == KSI_OK); res = parseStructure(tlv, 0); CuAssert(tc, "Unable to parse TLV structure.", res == KSI_OK); res = KSI_TLV_clone(tlv, &clone); CuAssert(tc, "Unsable to clone TLV.", res == KSI_OK && clone != NULL); /* Re assemble TLV */ res = KSI_TLV_serialize_ex(clone, out1, sizeof(out1), &out_len); CuAssert(tc, "Unable to serialize TLV.", res == KSI_OK); CuAssert(tc, "Serialized TLV size mismatch.", in_len == out_len); sprintf(errstr, "Serialised TLV content does not match original: '%s'.", ok_sample[i]); CuAssert(tc, errstr, !memcmp(in, out1, in_len)); KSI_TLV_free(clone); clone = NULL; KSI_TLV_free(tlv); tlv = NULL; i++; } }
static void createMultiSignature(KSI_MultiSignature **ms) { const char *signatures[] = {TEST_SIGNATURE_FILE, TEST_EX_SIGNATURE_FILE, NULL}; KSI_MultiSignature *tmp = NULL; KSI_Signature *sig = NULL; size_t i; KSI_MultiSignature_new(ctx, &tmp); for (i = 0; signatures[i] != NULL; i++) { KSI_Signature_fromFile(ctx, getFullResourcePath(signatures[i]), &sig); KSI_MultiSignature_add(tmp, sig); KSI_Signature_free(sig); } *ms = tmp; }