Пример #1
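/*
 * Reads a multi-signature container from a resource file, extends it, and
 * checks that the signature stored for a known document hash can still be
 * extracted, verifies, and carries a publication record afterwards.
 *
 * The extender is pointed at a canned response file (a URI built from a
 * resource path) with the "anon"/"anon" test credentials.
 */
static void testExtend(CuTest *tc) {
	int res;
	KSI_MultiSignature *ms = NULL;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;
	KSI_PublicationRecord *pubRec = NULL;

	res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
	CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);

	res = KSI_CTX_setExtender(ctx, getFullResourcePathUri("resource/multi_sig/test2-extend_response-multiple.tlv"), "anon", "anon");
	CuAssert(tc, "Unable to set extender response from file", res == KSI_OK);

	res = KSI_MultiSignature_extend(ms);
	CuAssert(tc, "Unable to perform multi signature container extension.", res == KSI_OK);

	KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
	/* Fail at the real cause if the lookup key could not be built, instead of
	 * reporting a misleading container error from the lookup below. */
	CuAssert(tc, "Unable to create data hash from string.", hsh != NULL);

	res = KSI_MultiSignature_get(ms, hsh, &sig);
	CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);

	/* The extracted signature must verify on its own after the extension. */
	res = KSI_verifySignature(ctx, sig);
	CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);

	/* A publication record is what this test treats as proof of extension. */
	res = KSI_Signature_getPublicationRecord(sig, &pubRec);
	CuAssert(tc, "Signature should be extended.", res == KSI_OK && pubRec != NULL);

	/* pubRec is not freed here; presumably it is owned by sig - confirm. */
	KSI_Signature_free(sig);
	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
}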
Пример #2
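/*
 * Checks which signature a multi-signature container hands back for a known
 * document hash: the extracted signature must verify and must have the
 * signing time 1398866256. Per the assertion message, any other time most
 * likely means the container returned the newer signature.
 */
static void testGetOldest(CuTest *tc) {
	int res;
	KSI_MultiSignature *ms = NULL;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;
	KSI_Integer *tm = NULL;

	res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
	CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);

	KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
	/* Fail at the real cause if the lookup key could not be built, instead of
	 * reporting a misleading container error from the lookup below. */
	CuAssert(tc, "Unable to create data hash from string.", hsh != NULL);

	res = KSI_MultiSignature_get(ms, hsh, &sig);
	CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);

	/* Verify before trusting any field read from the signature. */
	res = KSI_verifySignature(ctx, sig);
	CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);

	res = KSI_Signature_getSigningTime(sig, &tm);
	CuAssert(tc, "Wrong signing time (probably returning the newer signature).", res == KSI_OK && KSI_Integer_equalsUInt(tm, 1398866256));

	/* tm is not freed here; presumably it is owned by sig - confirm. */
	KSI_Signature_free(sig);
	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
}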
Пример #3
/*
 * Adds two signatures (TEST_SIGNATURE_FILE and TEST_EX_SIGNATURE_FILE) to a
 * fresh multi-signature container, then looks up the document hash of the
 * first one. The signature returned must verify, must carry a publication
 * record and must not carry a calendar authentication record.
 *
 * NOTE(review): presumably both files sign the same document hash, one of them
 * extended - confirm against the resource files.
 */
static void testOnlyStrongestProofReturned(CuTest* tc) {
	int rc;
	KSI_MultiSignature *container = NULL;
	KSI_Signature *firstSig = NULL;
	KSI_Signature *secondSig = NULL;
	KSI_Signature *stored = NULL;
	KSI_DataHash *docHash = NULL;
	KSI_PublicationRecord *pubRec = NULL;
	KSI_CalendarAuthRec *authRec = NULL;

	/* Reset the error state kept on the shared context. */
	KSI_ERR_clearErrors(ctx);

	rc = KSI_MultiSignature_new(ctx, &container);
	CuAssert(tc, "Unable to create multi signature container.", rc == KSI_OK && container != NULL);

	/* First signature into the container. */
	rc = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &firstSig);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && firstSig != NULL);
	rc = KSI_MultiSignature_add(container, firstSig);
	CuAssert(tc, "Unable to add signature to multi signature container.", rc == KSI_OK);

	/* Second signature into the same container. */
	rc = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_EX_SIGNATURE_FILE), &secondSig);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && secondSig != NULL);
	rc = KSI_MultiSignature_add(container, secondSig);
	CuAssert(tc, "Unable to add signature to multi signature container.", rc == KSI_OK);

	/* The lookup key is the document hash of the first signature. It is not
	 * freed below, so it is presumably borrowed from firstSig - confirm. */
	rc = KSI_Signature_getDocumentHash(firstSig, &docHash);
	CuAssert(tc, "Unable to get signed hash value.", rc == KSI_OK && docHash != NULL);

	rc = KSI_MultiSignature_get(container, docHash, &stored);
	CuAssert(tc, "Unable to extract signature from multi signature container.", rc == KSI_OK && stored != NULL);

	rc = KSI_verifySignature(ctx, stored);
	CuAssert(tc, "Unable to verify extracted signature.", rc == KSI_OK);

	/* The returned signature has to be anchored by a publication ... */
	rc = KSI_Signature_getPublicationRecord(stored, &pubRec);
	CuAssert(tc, "Publication must be present", rc == KSI_OK && pubRec != NULL);

	/* ... and must not carry a calendar authentication record as well. */
	rc = KSI_Signature_getCalendarAuthRec(stored, &authRec);
	CuAssert(tc, "Signature may not have a calendar auth record and a publication.", rc == KSI_OK && authRec == NULL);

	KSI_MultiSignature_free(container);
	KSI_Signature_free(firstSig);
	KSI_Signature_free(secondSig);
	KSI_Signature_free(stored);
}
Пример #4
/*
 * Loads the signature "ok-sig-2014-04-30.1-extended.ksig" from the resource
 * directory and checks that KSI_verifySignature accepts it.
 */
static void testVerifySignatureWithPublication(CuTest *tc) {
	KSI_Signature *extended = NULL;
	int rc;

	/* Reset the error state kept on the shared context. */
	KSI_ERR_clearErrors(ctx);

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extended.ksig"), &extended);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && extended != NULL);

	/* No mock response is installed in this test before verifying. */
	rc = KSI_verifySignature(ctx, extended);
	CuAssert(tc, "Unable to verify signature with publication.", rc == KSI_OK);

	KSI_Signature_free(extended);
}
Пример #5
/*
 * Loads TEST_SIGNATURE_FILE and verifies it with a canned extend response
 * installed as the mock reply, which is the path the assertion message calls
 * "online" verification.
 */
static void testVerifySignatureNew(CuTest *tc) {
	KSI_Signature *fresh = NULL;
	int rc;

	/* Reset the error state kept on the shared context. */
	KSI_ERR_clearErrors(ctx);

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &fresh);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && fresh != NULL);

	/* Install the recorded extend response as the mock reply before verifying. */
	KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extend_response.tlv"));

	rc = KSI_verifySignature(ctx, fresh);
	CuAssert(tc, "Unable to verify signature online.", rc == KSI_OK);

	KSI_Signature_free(fresh);
}
Пример #6
/*
 * Reads a signature from the resource directory, extends it through
 * KSI_Signature_extend with a NULL third argument, and then runs
 * KSI_verifySignature on the original signature.
 *
 * NOTE(review): only the original `sig` is verified; the extended copy is
 * checked for non-NULL but never passed to KSI_verifySignature. If the intent
 * is to prove that the extended signature is valid, that assertion is missing
 * - confirm with the test's author.
 */
static void Test_OKExtendSignatureDefProvider(CuTest* tc) {
	KSI_Signature *original = NULL;
	KSI_Signature *extended = NULL;
	int rc;

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &original);
	CuAssert(tc, "Unable to read signature frome file.", rc == KSI_OK && original != NULL);

	/* NULL is passed where a publication could be named; presumably this lets
	 * the library choose one - confirm against the KSI API documentation. */
	rc = KSI_Signature_extend(original, ctx, NULL, &extended);
	CuAssert(tc, "Unable to extend signature", rc == KSI_OK && extended != NULL);

	rc = KSI_verifySignature(ctx, original);
	CuAssert(tc, "Unable to verify signature", rc == KSI_OK);

	/* Reset the error state on the shared context before releasing objects. */
	KSI_ERR_clearErrors(ctx);

	KSI_Signature_free(original);
	KSI_Signature_free(extended);
}
Пример #7
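/*
 * Parses a multi-signature container from a resource file, extracts the
 * signature stored for a known document hash and checks that it verifies.
 */
static void testParseAndVerifySingle(CuTest *tc) {
	int res;
	KSI_MultiSignature *ms = NULL;
	KSI_DataHash *hsh = NULL;
	KSI_Signature *sig = NULL;

	/* The helper receives tc, so it presumably asserts on failure itself. */
	createMultiSignatureFromFile(tc, getFullResourcePath("resource/multi_sig/test1.mksi"), &ms);

	KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
	/* Fail at the real cause if the lookup key could not be built, instead of
	 * reporting a misleading container error from the lookup below. */
	CuAssert(tc, "Unable to create data hash from string.", hsh != NULL);

	res = KSI_MultiSignature_get(ms, hsh, &sig);
	CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);

	/* A signature pulled out of the container must verify on its own. */
	res = KSI_verifySignature(ctx, sig);
	CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);

	KSI_Signature_free(sig);
	KSI_DataHash_free(hsh);
	KSI_MultiSignature_free(ms);
}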
Пример #8
/*
 * Round-trips a legacy signature through a multi-signature container: the
 * signature is read from file, added to a new container and released, then
 * fetched back by its document hash and verified.
 */
static void testExtractingSingleLegacy(CuTest* tc) {
	int rc;
	KSI_MultiSignature *container = NULL;
	KSI_Signature *legacy = NULL;
	KSI_DataHash *docHash = NULL;

	/* Reset the error state kept on the shared context. */
	KSI_ERR_clearErrors(ctx);

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-legacy-sig-2014-06.gtts.ksig"), &legacy);
	CuAssert(tc, "Unable to read signature from file.", rc == KSI_OK && legacy != NULL);

	rc = KSI_Signature_getDocumentHash(legacy, &docHash);
	CuAssert(tc, "Unable to get signed hash value.", rc == KSI_OK && docHash != NULL);

	/* Take an extra reference: the hash is still used as the lookup key after
	 * the signature it came from has been freed, and is released at the end. */
	KSI_DataHash_ref(docHash);

	rc = KSI_MultiSignature_new(ctx, &container);
	CuAssert(tc, "Unable to create multi signature container.", rc == KSI_OK && container != NULL);

	rc = KSI_MultiSignature_add(container, legacy);
	CuAssert(tc, "Unable to add signature to multi signature container.", rc == KSI_OK);

	/* Drop the original so that only the container's copy can be returned. */
	KSI_Signature_free(legacy);
	legacy = NULL;

	rc = KSI_MultiSignature_get(container, docHash, &legacy);
	CuAssert(tc, "Unable to extract signature from multi signature container.", rc == KSI_OK && legacy != NULL);

	rc = KSI_verifySignature(ctx, legacy);
	CuAssert(tc, "Unable to verify extracted signature.", rc == KSI_OK);

	KSI_DataHash_free(docHash);
	KSI_MultiSignature_free(container);
	KSI_Signature_free(legacy);
}
Пример #9
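/**
 * Command-line example: reads a KSI signature, verifies it, extends it through
 * the given extender service, verifies the extended signature and writes its
 * serialized form to the output file.
 *
 * Arguments: <signature> <extended> <extender uri> <pub-file uri | ->
 * A "-" as the last argument leaves the publications file URL unset.
 *
 * The extender credentials are the fixed example pair "anon"/"anon"; a real
 * deployment would take them from configuration instead of source code.
 *
 * @return KSI_OK on success, otherwise the status code of the failing step
 *         (KSI_INVALID_ARGUMENT for a wrong argument count, KSI_IO_ERROR when
 *         the output file cannot be opened or written completely).
 */
int main(int argc, char **argv) {
	KSI_CTX *ksi = NULL;
	int res;
	FILE *out = NULL;
	KSI_Signature *sig = NULL;
	KSI_Signature *ext = NULL;
	KSI_HttpClient *net = NULL;
	unsigned char *raw = NULL;
	unsigned raw_len = 0;
	size_t count;
	FILE *logFile = NULL;

	if (argc != 5) {
		printf("Usage:\n"
				"  %s <signature> <extended> <extender uri> <pub-file uri| ->\n", argv[0]);
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Init KSI context */
	res = KSI_CTX_new(&ksi);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to init KSI context.\n");
		goto cleanup;
	}

	/* Logging is best effort: without a log file the tool still runs, but the
	 * stream logger is only installed when there is a stream to write to.
	 * NOTE(review): the log is written at debug level into the current
	 * directory; confirm what the library records there before running this
	 * with non-example credentials. */
	logFile = fopen("ksi_extend.log", "w");
	if (logFile == NULL) {
		fprintf(stderr, "Unable to open log file.\n");
	} else {
		KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile);
		KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG);
	}

	KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());

	/* NOTE(review): net is not released on the error paths below; presumably
	 * the context takes ownership once KSI_CTX_setNetworkProvider succeeds -
	 * confirm and free it on the earlier exits if so. */
	res = KSI_HttpClient_new(ksi, &net);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to create new network provider.\n");
		goto cleanup;
	}

	res = KSI_HttpClient_setExtender(net, argv[3], "anon", "anon");
	if (res != KSI_OK) goto cleanup;

	/* "-" means: do not configure a publications file URL. */
	if (strcmp(argv[4], "-") != 0) {
		res = KSI_HttpClient_setPublicationUrl(net, argv[4]);
		if (res != KSI_OK) goto cleanup;
	}

	res = KSI_CTX_setNetworkProvider(ksi, (KSI_NetworkClient *)net);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to set new network provider.\n");
		goto cleanup;
	}

	/* Read the signature. */
	res = KSI_Signature_fromFile(ksi, argv[1], &sig);
	if (res != KSI_OK) {
		KSI_ERR_statusDump(ksi, stdout);
		fprintf(stderr, "Unable to read signature from '%s'\n", argv[1]);
		goto cleanup;
	}

	/* Make sure the signature is ok before asking the service to extend it. */
	res = KSI_verifySignature(ksi, sig);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to verify signature.\n");
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Extend the signature. */
	res = KSI_extendSignature(ksi, sig, &ext);
	if (res != KSI_OK) {
		if (res == KSI_EXTEND_NO_SUITABLE_PUBLICATION) {
			printf("No suitable publication to extend to.\n");
			goto cleanup;
		}
		fprintf(stderr, "Unable to extend signature.\n");
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Verify the extended signature too: nothing is written to disk unless the
	 * result returned by the extender passes verification. */
	res = KSI_verifySignature(ksi, ext);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to verify the extended signature.\n");
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Serialize the extended signature. */
	res = KSI_Signature_serialize(ext, &raw, &raw_len);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to serialize extended signature.\n");
		goto cleanup;
	}

	/* Open output file. */
	out = fopen(argv[2], "wb");
	if (out == NULL) {
		fprintf(stderr, "Unable to open output file '%s'\n", argv[2]);
		res = KSI_IO_ERROR;
		goto cleanup;
	}

	count = fwrite(raw, 1, raw_len, out);
	if (count != raw_len) {
		fprintf(stderr, "Failed to write output file.\n");
		res = KSI_IO_ERROR;
		goto cleanup;
	}

	/* fclose flushes buffered data, so a write error can surface only here;
	 * report success only after the file has been closed cleanly. */
	if (fclose(out) != 0) {
		out = NULL;
		fprintf(stderr, "Failed to write output file.\n");
		res = KSI_IO_ERROR;
		goto cleanup;
	}
	out = NULL;

	printf("Signature extended.");

cleanup:

	if (out != NULL) fclose(out);
	KSI_Signature_free(sig);
	KSI_Signature_free(ext);
	KSI_free(raw);
	KSI_CTX_free(ksi);
	/* Close the log last, so the context can no longer log to a closed stream. */
	if (logFile != NULL) fclose(logFile);

	return res;
}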
Пример #10
/*
 * Signs the same data hash three times in one block, each leaf tagged with
 * meta-data for a different client id, then checks for every leaf that its
 * signature verifies and that the signer identity ends with that client id.
 *
 * The aggregator is pointed at a canned response file and uses the TEST_USER /
 * TEST_PASS credentials.
 */
static void testMedaData(CuTest *tc) {
#define TEST_AGGR_RESPONSE_FILE  "resource/tlv/test_meta_data_response.tlv"
	int rc = KSI_UNKNOWN_ERROR;
	KSI_BlockSigner *signer = NULL;
	KSI_MetaData *meta = NULL;
	KSI_DataHash *leafHash = NULL;
	KSI_Signature *leafSig = NULL;
	char payload[] = "LAPTOP";
	/* NULL-terminated list; leaves[] below has one slot per non-NULL entry. */
	char *clients[] = { "Alice", "Bob", "Claire", NULL };
	KSI_BlockSignerHandle *leaves[] = {NULL, NULL, NULL};
	char *signerId = NULL;
	size_t idx;

	rc = KSI_DataHash_create(ctx, payload, strlen(payload), KSI_HASHALG_SHA2_256, &leafHash);
	CuAssert(tc, "Unable to create data hash.", rc == KSI_OK && leafHash != NULL);

	rc = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA2_256, NULL, NULL, &signer);
	CuAssert(tc, "Unable to create block signer instance.", rc == KSI_OK && signer != NULL);

	/* One leaf per client: same hash, different meta-data. */
	idx = 0;
	while (clients[idx] != NULL) {
		rc = createMetaData(clients[idx], &meta);
		CuAssert(tc, "Unable to create meta-data.", rc == KSI_OK && meta != NULL);

		rc = KSI_BlockSigner_addLeaf(signer, leafHash, 0, meta, &leaves[idx]);
		CuAssert(tc, "Unable to add leaf to the block signer.", rc == KSI_OK && leaves[idx] != NULL);

		/* The local meta-data object is released right after the leaf is added. */
		KSI_MetaData_free(meta);
		meta = NULL;

		idx++;
	}

	rc = KSI_CTX_setAggregator(ctx, getFullResourcePathUri(TEST_AGGR_RESPONSE_FILE), TEST_USER, TEST_PASS);
	CuAssert(tc, "Unable to set aggregator file URI.", rc == KSI_OK);

	rc = KSI_BlockSigner_close(signer, NULL);
	CuAssert(tc, "Unable to close the blocksigner.", rc == KSI_OK);

	/* Walk the handles again and check the signature behind each of them. */
	idx = 0;
	while (clients[idx] != NULL) {
		char expected[0xff];

		rc = KSI_BlockSignerHandle_getSignature(leaves[idx], &leafSig);
		CuAssert(tc, "Unable to extract signature.", rc == KSI_OK && leafSig != NULL);

		/* Verify first; the identity is only read from a verified signature. */
		rc = KSI_verifySignature(ctx, leafSig);
		CuAssert(tc, "Unable to verify the extracted signature.", rc == KSI_OK);

		rc = KSI_Signature_getSignerIdentity(leafSig, &signerId);
		CuAssert(tc, "Unable to extract the signer identity.", rc == KSI_OK && signerId != NULL);

		/* Expected identity: the fixed prefix followed by this leaf's client id. */
		KSI_snprintf(expected, sizeof(expected), "%s :: %s", "GT :: GT :: release test :: anon http", clients[idx]);
		CuAssert(tc, "Client id not what expected.", strcmp(signerId, expected) == 0);

		/* Release everything that belongs to this leaf. */
		KSI_Signature_free(leafSig);
		leafSig = NULL;

		KSI_free(signerId);
		signerId = NULL;

		KSI_BlockSignerHandle_free(leaves[idx]);

		idx++;
	}

	KSI_DataHash_free(leafHash);
	KSI_MetaData_free(meta);
	KSI_BlockSigner_free(signer);
#undef TEST_AGGR_RESPONSE_FILE
}