author | Rainer Gerhards <rgerhards@adiscon.com> | 2013-03-08 14:32:06 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2013-03-08 14:32:06 +0100 |
commit | febd1c619d3774766064294358c885f14c74ed7c (patch) | |
tree | 8df79b15577d294cf36ad186a5d4fe5151098063 /runtime | |
parent | e34de52833507224f5f0522fd205ee4fae81176e (diff) | |
logsig: add capability to write log signature records
Diffstat (limited to 'runtime')
-rw-r--r-- | runtime/librsgt.c | 16 | ||||
-rw-r--r-- | runtime/librsgt_read.c | 63 |
2 files changed, 75 insertions, 4 deletions
diff --git a/runtime/librsgt.c b/runtime/librsgt.c
index aa37dc84..f00c894d 100644
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@@ -218,6 +218,18 @@ tlvFlush(gtctx ctx)
 }
 
 void
+tlvWriteRecHash(gtctx ctx, GTDataHash *r)
+{
+	unsigned tlvlen;
+
+	tlvlen = 1 + r->digest_length;
+	tlv16Write(ctx, 0x00, 0x0900, tlvlen);
+	tlvbufAddOctet(ctx, hashIdentifier(ctx->hashAlg));
+	tlvbufAddOctetString(ctx, r->digest, r->digest_length);
+dbgprintf("DDDD: tlvWriteRecHash: tlvlen %u, digest_len %u\n", tlvlen, r->digest_length);
+}
+
+void
 tlvWriteBlockSig(gtctx ctx, uchar *der, uint16_t lenDer)
 {
 	unsigned tlvlen;
@@ -490,7 +502,7 @@ hash_m(gtctx ctx, GTDataHash **m)
 	GTDataHash_create(ctx->hashAlg, concatBuf, len, m);
 }
 
-static void
+static inline void
 hash_r(gtctx ctx, GTDataHash **r, const uchar *rec, const size_t len)
 {
 	// r = hash(canonicalize(rec));
@@ -521,6 +533,8 @@ sigblkAddRecord(gtctx ctx, const uchar *rec, const size_t len)
 
 	hash_m(ctx, &m);
 	hash_r(ctx, &r, rec, len);
+	if(ctx->bKeepRecordHashes)
+		tlvWriteRecHash(ctx, r);
 	hash_node(ctx, &x, m, r, 1); /* hash leaf */
 	/* persists x here if Merkle tree needs to be persisted! */
 	/* add x to the forest as new leaf, update roots list */
diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c
index fa489a0f..a1c59509 100644
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@@ -160,6 +160,10 @@ rsgt_tlvrdLAST_HASH(FILE *fp, imprint_t *imp)
 	if(!(tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto done; }
 	NEXTC;
 	imp->hashID = c;
+	if(tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
+		r = RSGTE_LEN;
+		goto done;
+	}
 	imp->len = tlvlen - 1;
 	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
 	r = 0;
@@ -223,7 +227,7 @@ rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
 		2 + lenInt /* rec-count */ +
 		4 + bs->sig.der.len /* rfc-3161 */;
 	if(sizeRead != tlvlen) {
-		printf("lenght record error!\n");
+		printf("length record error!\n");
 		r = RSGTE_LEN;
 		goto done;
 	}
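Review bot: The `dbgprintf("DDDD: tlvWriteRecHash: ...")` line sitting at column 0 in the new tlvWriteRecHash reads as leftover debug instrumentation and should be dropped before this is merged; if a trace is wanted it belongs indented with the rest of the body and without the "DDDD" marker. The function also has no header comment; suggest `/* emit a record-hash TLV (type 0x0900): one hash-id octet followed by the raw digest */` above it, and since `r` is only read it can be `const GTDataHash *r`. Whether `tlvlen` (1 + digest_length) is checked against the 16-bit length field inside tlv16Write is not visible here; for the digest sizes in use it fits, but a comment stating that assumption at the call would help the next reader.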
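Review bot: The new length check in rsgt_tlvrdLAST_HASH correctly runs before `imp->len = tlvlen - 1`, but it leaves the reader to work out that it is the only thing bounding the octet-string read below to the algorithm's digest size and ruling out `tlvlen == 0`; a one-line comment such as `/* length must equal 1 + digest size of hashID: bounds the octet-string read and rejects tlvlen == 0 */` would make that explicit. How an unrecognised hashID behaves depends on what hashOutputLengthOctets returns for it, which is outside the hunk — if it returns a non-negative sentinel the mismatch is still rejected as RSGTE_LEN, but an explicit invalid-algorithm error would be clearer for a file that is untrusted input. The same four lines are duplicated verbatim in the new rsgt_tlvrdREC_HASH in a later hunk, so a small static helper would keep the two checks in step. rsgt_tlvrdLAST_HASH starts outside the hunk.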
@@ -232,8 +236,38 @@ rsgt_tlvrdBLOCK_SIG(FILE *fp, block_sig_t **blocksig, uint16_t tlvlen)
 done:	return r;
 }
 
+static int
+rsgt_tlvrdREC_HASH(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
+{
+	int r = 1;
+	imprint_t *imp;
+	int c;
 
-/**
+	if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+	if((imp->data = calloc(1, sizeof(imprint_t))) == NULL) {
+		r = RSGTE_OOM;
+		goto done;
+	}
+
+	NEXTC;
+	imp->hashID = c;
+	if(tlvlen != 1 + hashOutputLengthOctets(imp->hashID)) {
+		r = RSGTE_LEN;
+		goto done;
+	}
+	imp->len = tlvlen - 1;
+	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));
+
+	*imprint = imp;
+	r = 0;
+done:	return r;
+}
+
+
+/**;
  * Read the next "object" from file. This usually is
  * a single TLV, but may be something larger, for
  * example in case of a block-sig TLV record.
@@ -258,6 +292,10 @@ rsgt_tlvrd(FILE *fp, uint16_t *tlvtype, uint16_t *tlvlen, void *obj)
 
 	if((r = rsgt_tlvrdTL(fp, tlvtype, tlvlen)) != 0) goto done;
 	switch(*tlvtype) {
+		case 0x0900:
+			r = rsgt_tlvrdREC_HASH(fp, obj, *tlvlen);
+			if(r != 0) goto done;
+			break;
 		case 0x0902:
 			r = rsgt_tlvrdBLOCK_SIG(fp, obj, *tlvlen);
 			if(r != 0) goto done;
@@ -295,6 +333,22 @@ blobIsZero(uint8_t *blob, uint16_t len)
 			return 0;
 	return 1;
 }
+
+static void
+rsgt_printIMPRINT(FILE *fp, char *name, imprint_t *imp, uint8_t verbose)
+{
+	fprintf(fp, "%s", name);
+	outputHexBlob(imp->data, imp->len, verbose);
+	fputc('\n', fp);
+}
+
+static void
+rsgt_printREC_HASH(FILE *fp, imprint_t *imp, uint8_t verbose)
+{
+	rsgt_printIMPRINT(fp, "[0x0900]Record Signature Record: ",
+		imp, verbose);
+}
+
 /**
  * Output a human-readable representation of a block_sig_t
  * to proviced file pointer. This function is mainly inteded for
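Review bot: rsgt_tlvrdREC_HASH leaks `imp` (and whatever was allocated into `imp->data`) on every error path: the `goto done` after the second calloc, the length check and the CHKr all return without freeing, and `*imprint` is only assigned on success, so each malformed 0x0900 record in an untrusted signature file costs one allocation that is never released. The second calloc also looks wrong twice over: it sizes the digest buffer with `sizeof(imprint_t)` rather than the digest length, and the later `rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1)` takes `&imp->data` exactly as the LAST_HASH path does, which suggests that helper allocates the buffer itself — if so the pre-allocation is simply overwritten and leaked. I would drop that calloc, initialise `imp` to NULL, and free on failure at `done:` as below, assuming rsgt_tlvrdOctetString leaves `imp->data` either NULL or caller-owned when it fails; the stray `;` in the new `/**;` comment opener should also go. The function is new and lies entirely within the hunk.
```c
static int
rsgt_tlvrdREC_HASH(FILE *fp, imprint_t **imprint, uint16_t tlvlen)
{
	int r = 1;
	imprint_t *imp = NULL;
	int c;

	if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
		r = RSGTE_OOM;
		goto done;
	}
	/* … unchanged: NEXTC, imp->hashID, length check, imp->len … */
	CHKr(rsgt_tlvrdOctetString(fp, &imp->data, tlvlen-1));

	*imprint = imp;
	r = 0;
done:
	if(r != 0 && imp != NULL) {
		free(imp->data); /* still NULL from calloc if the read never ran */
		free(imp);
	}
	return r;
}
```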
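Review bot: In the new rsgt_printIMPRINT the label goes to `fp` via fprintf while `outputHexBlob(imp->data, imp->len, verbose)` takes no FILE argument, so unless that helper always writes to stdout and every caller passes stdout, the label and the hex bytes land on different streams and the closing `fputc('\n', fp)` ends up on the wrong one; if outputHexBlob cannot take `fp`, that limitation deserves a comment at the call. The `name` parameter only ever receives string literals and is only read, so it should be `const char *name`. The label `"[0x0900]Record Signature Record: "` describes a 0x0900 TLV that the writer side (tlvWriteRecHash) emits as a record hash, so `"[0x0900]Record Hash: "` would match both the producer and the function name rsgt_printREC_HASH. Both new functions lie entirely within the hunk.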
@@ -307,7 +361,7 @@ blobIsZero(uint8_t *blob, uint16_t len)
 void
 rsgt_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose)
 {
-	fprintf(fp, "Block Signature Record [0x0902]:\n");
+	fprintf(fp, "[0x0902]Block Signature Record:\n");
 	fprintf(fp, "\tPrevious Block Hash:\n");
 	fprintf(fp, "\t Algorithm..: %s\n", hashAlgName(bs->lastHash.hashID));
 	fprintf(fp, "\t Hash.......: ");
@@ -339,6 +393,9 @@ void
 rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
 {
 	switch(tlvtype) {
+		case 0x0900:
+			rsgt_printREC_HASH(fp, obj, verbose);
+			break;
 		case 0x0902:
 			rsgt_printBLOCK_SIG(fp, obj, verbose);
 			break;