authorRainer Gerhards <rgerhards@adiscon.com>2013-03-07 19:00:51 +0100
committerRainer Gerhards <rgerhards@adiscon.com>2013-03-07 19:00:51 +0100
commit212d4e4fe684a4562b284c5b07d9873b0135b10f (patch)
tree44a0dbc9a29fed3523e160eb174bbde0d332898c
parent85dd75a54cc9032fce7553f284618cfbbf8508ef (diff)
downloadrsyslog-212d4e4fe684a4562b284c5b07d9873b0135b10f.tar.gz
rsyslog-212d4e4fe684a4562b284c5b07d9873b0135b10f.tar.bz2
rsyslog-212d4e4fe684a4562b284c5b07d9873b0135b10f.zip
logsig: add config parameters (for omfile)
-rw-r--r--runtime/librsgt.c38
-rw-r--r--runtime/librsgt.h28
-rw-r--r--runtime/lmsig_gt.c67
-rw-r--r--runtime/sigprov.h1
-rw-r--r--tools/Makefile.am9
-rw-r--r--tools/omfile.c5
6 files changed, 134 insertions, 14 deletions
diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index 4e457005..2f336e2d 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -350,15 +350,21 @@ seedIV(gtctx ctx)
}
gtctx
-rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg)
+rsgtCtxNew(void)
{
- char fn[MAXFNAME+1];
gtctx ctx;
- ctx = calloc(1, sizeof(struct gtctx_s));
+ ctx = calloc(1, sizeof(struct gtctx_s));
ctx->x_prev = NULL;
- ctx->hashAlg = hashAlg;
+ ctx->hashAlg = GT_HASHALG_SHA256;
ctx->timestamper = strdup(
"http://stamper.guardtime.net/gt-signingservice");
+ return ctx;
+}
+
+int
+rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn)
+{
+ char fn[MAXFNAME+1];
snprintf(fn, sizeof(fn), "%s.gtsig", logfn);
fn[MAXFNAME] = '\0'; /* be on save side */
ctx->sigfilename = (uchar*) strdup(fn);
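Review bot: `ctx = calloc(1, sizeof(struct gtctx_s));` in rsgtCtxNew is dereferenced on the very next line without a NULL check, and the `strdup` of the default timestamper URL is likewise unchecked, so an allocation failure becomes a crash rather than a reported error. Add `if(ctx == NULL) return NULL;` after the calloc and let the caller treat a NULL context as construction failure; since the contract then becomes "returns a context or NULL", a one-line header comment saying so would help the lmsig_gt caller. In rsgtCtxOpenFile the `snprintf` result is not checked, so a log path that does not fit yields a silently truncated `.gtsig` name — the explicit terminator keeps it in bounds, but the truncated name can collide with another file's signature; reject `n >= sizeof(fn)` instead of relying on the terminator. rsgtCtxOpenFile continues past the end of this hunk.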
@@ -366,9 +372,31 @@ rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg)
fn[MAXFNAME] = '\0'; /* be on save side */
ctx->statefilename = (uchar*) strdup(fn);
tlvOpen(ctx, LOGSIGHDR, sizeof(LOGSIGHDR)-1);
- return ctx;
+ return 0;
}
+
+/* returns 0 on succes, 1 if algo is unknown */
+int
+rsgtSetHashFunction(gtctx ctx, char *algName)
+{
+ int r = 0;
+ if(!strcmp(algName, "SHA2-256"))
+ ctx->hashAlg = GT_HASHALG_SHA256;
+ else if(!strcmp(algName, "SHA2-384"))
+ ctx->hashAlg = GT_HASHALG_SHA384;
+ else if(!strcmp(algName, "SHA2-512"))
+ ctx->hashAlg = GT_HASHALG_SHA512;
+ else if(!strcmp(algName, "SHA1"))
+ ctx->hashAlg = GT_HASHALG_SHA1;
+ else if(!strcmp(algName, "RIPEMD-160"))
+ ctx->hashAlg = GT_HASHALG_RIPEMD160;
+ else if(!strcmp(algName, "SHA2-224"))
+ ctx->hashAlg = GT_HASHALG_SHA224;
+ else
+ r = 1;
+ return r;
+}
void
rsgtCtxDel(gtctx ctx)
{
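Review bot: rsgtCtxOpenFile returns 0 unconditionally at `return 0;` even though the `strdup` for statefilename and the `tlvOpen` call above it can fail, so the new int return tells the caller nothing and lmsig_gt's OnFileOpen can never learn that the signature file was not opened; check the strdup result and, if tlvOpen reports a status (not visible here), propagate it instead of 0. In rsgtSetHashFunction the accepted names include `"SHA1"` and `"RIPEMD-160"`; for a tamper-evidence scheme a collision-weak digest undermines the guarantee, so I would add `/* SHA1 and RIPEMD-160 are accepted for interoperability only; prefer the SHA2 family */` and have the caller warn when one is selected. `algName` is only read, so `const char *algName` is the accurate signature (with the header declaration updated to match), and the comment typo `succes` should read `success`. rsgtCtxOpenFile begins in the previous hunk.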
diff --git a/runtime/librsgt.h b/runtime/librsgt.h
index ff35d19b..a4ea7cc1 100644
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@@ -37,6 +37,9 @@ struct gtctx_s {
enum GTHashAlgorithm hashAlg;
uint8_t *IV; /* initial value for blinding masks (where to do we get it from?) */
GTDataHash *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
+ uint8_t bKeepRecordHashes;
+ uint8_t bKeepTreeHashes;
+ uint64_t blockSizeLimit;
char *timestamper;
unsigned char *sigfilename;
unsigned char *statefilename;
@@ -172,10 +175,33 @@ getIVLen(block_sig_t *bs)
{
return hashOutputLengthOctets(bs->hashID);
}
+static inline void
+rsgtSetTimestamper(gtctx ctx, char *timestamper)
+{
+ free(ctx->timestamper);
+ ctx->timestamper = strdup(timestamper);
+}
+static inline void
+rsgtSetBlockSizeLimit(gtctx ctx, uint64_t limit)
+{
+ ctx->blockSizeLimit = limit;
+}
+static inline void
+rsgtSetKeepRecordHashes(gtctx ctx, int val)
+{
+ ctx->bKeepRecordHashes = val;
+}
+static inline void
+rsgtSetKeepTreeHashes(gtctx ctx, int val)
+{
+ ctx->bKeepTreeHashes = val;
+}
+int rsgtSetHashFunction(gtctx ctx, char *algName);
void rsgtInit(char *usragent);
void rsgtExit(void);
-gtctx rsgtCtxNew(unsigned char *logfn, enum GTHashAlgorithm hashAlg);
+gtctx rsgtCtxNew(void);
+int rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn);
void rsgtCtxDel(gtctx ctx);
void sigblkInit(gtctx ctx);
void sigblkAddRecord(gtctx ctx, const unsigned char *rec, const size_t len);
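Review bot: rsgtSetTimestamper frees the current URL before the replacement has been allocated, so if `strdup(timestamper)` fails the context is left with `ctx->timestamper == NULL` and no error is reported; allocate first and only then swap: `char *dup = strdup(timestamper); if(dup == NULL) return;` followed by `free(ctx->timestamper); ctx->timestamper = dup;`. Returning an int status (as the sibling rsgtSetHashFunction already does) would let SetCnfParam surface the failure instead of silently keeping the previous value. The setters only read their string argument, so `const char *timestamper` is the more accurate signature. These inline definitions call free/strdup, which means this header must include <stdlib.h> and <string.h> or rely on every includer doing so — the include list is outside this hunk, so worth confirming.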
diff --git a/runtime/lmsig_gt.c b/runtime/lmsig_gt.c
index 8be3e045..474c573f 100644
--- a/runtime/lmsig_gt.c
+++ b/runtime/lmsig_gt.c
@@ -41,11 +41,25 @@ DEFobjStaticHelpers
DEFobjCurrIf(errmsg)
DEFobjCurrIf(glbl)
+/* tables for interfacing with the v6 config system */
+static struct cnfparamdescr cnfpdescr[] = {
+ { "sig.hashfunction", eCmdHdlrGetWord, 0 },
+ { "sig.timestampservice", eCmdHdlrGetWord, 0 },
+ { "sig.block.sizelimit", eCmdHdlrSize, 0 },
+ { "sig.keeprecordhashes", eCmdHdlrBinary, 0 },
+ { "sig.keeptreehashes", eCmdHdlrBinary, 0 }
+};
+static struct cnfparamblk pblk =
+ { CNFPARAMBLK_VERSION,
+ sizeof(cnfpdescr)/sizeof(struct cnfparamdescr),
+ cnfpdescr
+ };
/* Standard-Constructor
*/
-BEGINobjConstruct(lmsig_gt) /* be sure to specify the object type also in END macro! */
+BEGINobjConstruct(lmsig_gt)
dbgprintf("DDDD: lmsig_gt: called construct\n");
+ pThis->ctx = rsgtCtxNew();
ENDobjConstruct(lmsig_gt)
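Review bot: The parameter table documents neither defaults nor meaning for the new options, and the constructor leaves them to rsgtCtxNew(), so `sig.block.sizelimit` defaults to whatever the zeroed context holds (0) with nothing in the hunk saying whether 0 means "no limit"; add a comment above `cnfpdescr[]` giving each parameter's default and unit, e.g. `/* sig.block.sizelimit: records per signature block, 0 = unlimited (confirm against sigblk code) */`. The constructor also stores `pThis->ctx = rsgtCtxNew();` without checking for NULL; as shown, rsgtCtxNew dereferences its calloc result before returning, so a failure there crashes rather than returns NULL, but once that is fixed the constructor needs `if(pThis->ctx == NULL)` to fail construction rather than carry a NULL context into SetCnfParam.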
@@ -55,13 +69,61 @@ CODESTARTobjDestruct(lmsig_gt)
dbgprintf("DDDD: lmsig_gt: called destruct\n");
ENDobjDestruct(lmsig_gt)
+
+/* apply all params from param block to us. This must be called
+ * after construction, but before the OnFileOpen() entry point.
+ * Defaults are expected to have been set during construction.
+ */
+rsRetVal
+SetCnfParam(void *pT, struct nvlst *lst)
+{
+ lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
+ int i;
+ uchar *cstr;
+ struct cnfparamvals *pvals;
+ pvals = nvlstGetParams(lst, &pblk, NULL);
+ if(Debug) {
+ dbgprintf("sig param blk in lmsig_gt:\n");
+ cnfparamsPrint(&pblk, pvals);
+ }
+
+ for(i = 0 ; i < pblk.nParams ; ++i) {
+ if(!pvals[i].bUsed)
+ continue;
+ if(!strcmp(pblk.descr[i].name, "sig.hashfunction")) {
+ cstr = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
+ if(rsgtSetHashFunction(pThis->ctx, (char*)cstr) != 0) {
+ errmsg.LogError(0, RS_RET_ERR, "Hash function "
+ "'%s' unknown - using default", cstr);
+ }
+ free(cstr);
+ } else if(!strcmp(pblk.descr[i].name, "sig.timestampservice")) {
+ cstr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ rsgtSetTimestamper(pThis->ctx, (char*) cstr);
+ free(cstr);
+ } else if(!strcmp(pblk.descr[i].name, "sig.block.sizelimit")) {
+ rsgtSetBlockSizeLimit(pThis->ctx, pvals[i].val.d.n);
+ } else if(!strcmp(pblk.descr[i].name, "sig.keeprecordhashes")) {
+ rsgtSetKeepRecordHashes(pThis->ctx, pvals[i].val.d.n);
+ } else if(!strcmp(pblk.descr[i].name, "sig.keeptreehashes")) {
+ rsgtSetKeepTreeHashes(pThis->ctx, pvals[i].val.d.n);
+ } else {
+ DBGPRINTF("lmsig_gt: program error, non-handled "
+ "param '%s'\n", pblk.descr[i].name);
+ }
+ }
+ cnfparamvalsDestruct(pvals, &pblk);
+ return RS_RET_OK;
+}
+
+
static rsRetVal
OnFileOpen(void *pT, uchar *fn)
{
lmsig_gt_t *pThis = (lmsig_gt_t*) pT;
DEFiRet;
dbgprintf("DDDD: onFileOpen: %s\n", fn);
- pThis->ctx = rsgtCtxNew(fn, GT_HASHALG_SHA256);
+ rsgtCtxOpenFile(pThis->ctx, fn);
sigblkInit(pThis->ctx);
RETiRet;
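Review bot: An unknown `sig.hashfunction` value is logged at `errmsg.LogError(0, RS_RET_ERR, "Hash function '%s' unknown - using default", cstr);` but SetCnfParam still returns RS_RET_OK, so a misspelled algorithm silently signs with the default instead of failing the configuration; track it in a local (`rsRetVal iRet = RS_RET_OK;`, set `iRet = RS_RET_ERR;` in that branch) and `return iRet;` so omfile can reject the action. `cstr` from `es_str2cstr(..., NULL)` is handed to rsgtSetHashFunction and rsgtSetTimestamper without a NULL check, and rsgtSetHashFunction calls strcmp on it directly; guard the allocation failure before the call. `pvals` from nvlstGetParams is likewise used unchecked — if that call can fail and return NULL (not visible here) the print and the loop dereference it. In OnFileOpen the result of `rsgtCtxOpenFile(pThis->ctx, fn);` is discarded even though it now returns an int; assign it to iRet or fail the open. OnFileOpen's closing brace lies outside this hunk.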
@@ -95,6 +157,7 @@ CODESTARTobjQueryInterface(lmsig_gt)
ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
}
pIf->Construct = (rsRetVal(*)(void*)) lmsig_gtConstruct;
+ pIf->SetCnfParam = SetCnfParam;
pIf->Destruct = (rsRetVal(*)(void*)) lmsig_gtDestruct;
pIf->OnFileOpen = OnFileOpen;
pIf->OnRecordWrite = OnRecordWrite;
diff --git a/runtime/sigprov.h b/runtime/sigprov.h
index 0154a1f4..5abfb390 100644
--- a/runtime/sigprov.h
+++ b/runtime/sigprov.h
@@ -27,6 +27,7 @@
/* interface */
BEGINinterface(sigprov) /* name must also be changed in ENDinterface macro! */
rsRetVal (*Construct)(void *ppThis);
+ rsRetVal (*SetCnfParam)(void *ppThis, struct nvlst *lst);
rsRetVal (*Destruct)(void *ppThis);
rsRetVal (*OnFileOpen)(void *pThis, uchar *fn);
rsRetVal (*OnRecordWrite)(void *pThis, uchar *rec, rs_size_t lenRec);
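Review bot: The new member `rsRetVal (*SetCnfParam)(void *ppThis, struct nvlst *lst);` names its first argument `ppThis`, but the lmsig_gt implementation receives the instance pointer itself (`lmsig_gt_t *pThis = (lmsig_gt_t*) pT;`), not a pointer to it; name it `void *pThis` like OnFileOpen and OnRecordWrite so no double indirection is implied. Adding a member changes the interface layout for every provider, so if this interface carries a version constant (not visible in this hunk) it should be bumped, and callers must not invoke SetCnfParam on a provider that leaves it NULL. `struct nvlst` needs a forward declaration or include before this use — also outside the hunk, so worth confirming.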
diff --git a/tools/Makefile.am b/tools/Makefile.am
index ecdce8ea..8af86cb4 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -59,10 +59,11 @@ logctl_CPPFLAGS = $(LIBMONGO_CLIENT_CFLAGS)
logctl_LDADD = $(LIBMONGO_CLIENT_LIBS)
endif
if ENABLE_GUARDTIME
-bin_PROGRAMS += logsigner rsgttlvdump
-logsigner = logsigner.c
-logsigner_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
-logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
+bin_PROGRAMS += rsgttlvdump
+#bin_PROGRAMS += logsigner rsgttlvdump
+#logsigner = logsigner.c
+#logsigner_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
+#logsigner_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
rsgttlvdump = rsgttlvdump.c
rsgttlvdump_CPPFLAGS = $(RSRT_CFLAGS) $(GUARDTIME_CFLAGS)
rsgttlvdump_LDADD = ../runtime/librsgt.la $(GUARDTIME_LIBS)
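Review bot: Commenting out the logsigner rules leaves dead configuration in the build file with no record of why it was disabled; either delete the four lines or replace them with a comment stating the reason, e.g. `# logsigner is not built until it is ported to the rsgtCtxNew()/rsgtCtxOpenFile() split` (the API change in this same commit is the likely cause, but that is inferred, not stated). If it is meant to return, a TODO naming the blocker is more useful to the next maintainer than the commented-out rules.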
diff --git a/tools/omfile.c b/tools/omfile.c
index efdf5e5b..e439d504 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -989,7 +989,7 @@ finalize_it:
}
static inline void
-initSigprov(instanceData *pData)
+initSigprov(instanceData *pData, struct nvlst *lst)
{
uchar szDrvrName[1024];
@@ -1022,6 +1022,7 @@ initSigprov(instanceData *pData)
szDrvrName);
goto done;
}
+ pData->sigprov.SetCnfParam(pData->sigprovData, lst);
dbgprintf("loaded signature provider %s, data instance at %p\n",
szDrvrName, pData->sigprovData);
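Review bot: The return value of `pData->sigprov.SetCnfParam(pData->sigprovData, lst);` is discarded, so any status the provider reports for a bad `sig.*` parameter is lost and the action is configured anyway; capture it and fail the load like the surrounding `goto done` paths do, e.g. `if(pData->sigprov.SetCnfParam(pData->sigprovData, lst) != RS_RET_OK) { /* log */ goto done; }`. A provider whose interface leaves SetCnfParam NULL would crash here, so a NULL check on the function pointer is cheap insurance if other providers are expected to load through this path. initSigprov begins before this hunk.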
@@ -1111,7 +1112,7 @@ CODESTARTnewActInst
}
if(pData->sigprovName != NULL) {
- initSigprov(pData);
+ initSigprov(pData, lst);
}
tplToUse = ustrdup((pData->tplName == NULL) ? getDfltTpl() : pData->tplName);