author | Rainer Gerhards <rgerhards@adiscon.com> | 2013-03-18 14:41:11 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2013-03-18 14:41:11 +0100 |
commit | 1125a60d3fcc5b64e0cc7abe54748b6d6ee2fb28 (patch) | |
tree | 418f5ad845ec05e7c0b8c41bfafa7080ea7ab3fc | |
parent | b09d37063fc155ff5ec38430c679da5be5de0dcc (diff) | |
logsig: implement timestamp verification
We now use a higher-level verification function as suggested
by GuardTime.
-rw-r--r-- | runtime/librsgt_read.c | 25 | ||||
-rw-r--r-- | tools/rsgtutil.c | 4 |
2 files changed, 15 insertions, 14 deletions
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index 0cc5f492..11c43775 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -37,6 +37,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <gt_http.h>
 #include "librsgt.h"
@@ -719,20 +720,11 @@ done:
 }
-static int
-verifyTimestamp(gtfile gf, GTDataHash *root)
-{
- int r = 0;
- printf("in verifyTimestamp\n");
- return r;
-}
-
-
 /* TODO: think about merging this with the writer. The
 * same applies to the other computation algos. */
 static int
-verifySigblkFinish(gtfile gf)
+verifySigblkFinish(gtfile gf, GTDataHash **pRoot)
 {
 GTDataHash *root, *rootDel;
 int8_t j;
@@ -753,15 +745,16 @@ verifySigblkFinish(gtfile gf)
 GTDataHash_free(rootDel);
 }
 }
- r = verifyTimestamp(gf, root);
 free(gf->blkStrtHash);
 gf->blkStrtHash = NULL;
+ *pRoot = root;
 // We do not need the following as we take this from the block params
 // (but I leave it in in order to aid getting to common code)
 //gf->lenBlkStrtHash = gf->x_prev->digest_length;
 //gf->blkStrtHash = malloc(gf->lenBlkStrtHash);
 //memcpy(gf->blkStrtHash, gf->x_prev->digest, gf->lenBlkStrtHash);
+ r = 0;
 done:
 gf->bInBlk = 0;
 return r;
@@ -778,8 +771,9 @@ verifyBLOCK_SIG(block_sig_t *bs, gtfile gf, FILE *sigfp, uint64_t nRecs)
 block_sig_t *file_bs;
 GTTimestamp *timestamp = NULL;
 GTVerificationInfo *vrfyInf;
+ GTDataHash *root = NULL;
- if((r = verifySigblkFinish(gf)) != 0)
+ if((r = verifySigblkFinish(gf, &root)) != 0)
 goto done;
 if((r = rsgt_tlvrdVrfyBlockSig(sigfp, &file_bs)) != 0)
 goto done;
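Review bot: `verifySigblkFinish` now hands the computed root hash to the caller through `*pRoot = root;`, but neither that hunk nor the `verifyBLOCK_SIG` hunk shows a matching release, so the hash may leak on every verified block, including the early `goto done` exits. If the `done:` label of `verifyBLOCK_SIG` (outside the hunk) does not already free it, add `if(root != NULL) GTDataHash_free(root);` there. The new out-parameter is also undocumented: the header comment above `verifySigblkFinish` should state that on success `*pRoot` receives the block's root hash and that the caller owns and must free it. As far as the hunk shows, the assignment sits just before `r = 0;`, so error exits that jump to `done:` earlier leave `*pRoot` untouched, which is worth saying in the same comment; the function body starts outside the hunk.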
@@ -793,8 +787,11 @@ printf("len DER timestamp: %d, data %p\n", (int) file_bs->sig.der.len, file_bs->
 gtstate = GTTimestamp_DERDecode(file_bs->sig.der.data, file_bs->sig.der.len, ×tamp);
 printf("result of GTTimestamp_DERDecode: %d\n", gtstate);
- gtstate = GTTimestamp_verify(timestamp, 1, &vrfyInf);
-printf("result of GTTimestamp_verify: %d, verf_err %d\n", gtstate, vrfyInf->verification_errors );
+ gtstate = GTHTTP_verifyTimestampHash(timestamp, root, NULL,
+ NULL, NULL,
+ "http://verify.guardtime.com/gt-controlpublications.bin",
+ 0, &vrfyInf);
+printf("result of HTTP_vrfy: %d: %s\n", gtstate, GTHTTP_getErrorString(gtstate));
 if(! (gtstate == GT_OK && vrfyInf->verification_errors == GT_NO_FAILURES) ) {
 r = RSGTE_INVLD_TIMESTAMP;
 goto done;
diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c
index cc045f8c..0ccfcd7b 100644
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@@ -192,6 +192,9 @@ verify(char *name)
 goto err;
 }
 }
+
+ rsgtInit("rsyslog rsgtutil " VERSION);
+
 if((r = rsgt_chkFileHdr(sigfp, "LOGSIG10")) != 0)
 goto err;
 gf = rsgt_vrfyConstruct_gf();
@@ -231,6 +234,7 @@ err:
 fclose(sigfp);
 if(r != RSGTE_EOF)
 fprintf(stderr, "error %d processing file %s [%s]\n", r, name, sigfname);
+ rsgtExit();
 }
 static void |
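Review bot: The result of `GTTimestamp_DERDecode` in the context lines is only printed, so a signature record that fails to decode still reaches the new `GTHTTP_verifyTimestampHash` call, with `timestamp` possibly still NULL. The DER bytes come from the signature file being checked, so I would stop first with `if(gtstate != GT_OK) { r = RSGTE_INVLD_TIMESTAMP; goto done; }`. The publications-file location is a hard-coded `http://` literal, which makes every verification depend on a network fetch and leaves operators no way to point at a local or mirrored copy; it should come from a parameter or setting. A comment should also record that the integrity of the downloaded file rests on the library's own check of it, which I cannot confirm from this hunk. The enclosing function starts and ends outside the hunk, so whether `vrfyInf` and `timestamp` are released at `done:` is not visible here.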
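Review bot: `rsgtExit()` is added on the `err:` path in tools/rsgtutil.c, but the `goto err` in the context lines just above the new `rsgtInit(...)` call jumps there before the library was initialised, so teardown can run without a matching init. Either move `rsgtInit("rsyslog rsgtutil " VERSION);` ahead of the first `goto err` in `verify()`, or guard the teardown with a flag, e.g. `if(bInitDone) rsgtExit();`. The return value of `rsgtInit` is discarded as well; if it can report failure (its prototype is not visible here), verification should stop instead of continuing with an uninitialised GuardTime library. `verify()` starts and ends outside both hunks.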