diff --git a/changelog b/changelog index ed9f0052..ef87afcb 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,15 @@ +(KSICAPI-552)* IMPROVEMENT: Code refactored in tlv_element.c to eliminate redundant addition to NULL pointer. +* FEATURE: Added SM-3 and SHA-3 family hash functions for OpenSSL. +(KSICAPI-553)* IMPROVEMENT: Redundant code from fast_tlv.c removed. +(KSICAPI-548)* BUGFIX: Possibly uninitialized clean in KSI_SignatureBuilder_close fixed. +* BUGFIX: Memory leak in several KSI_TlvElement_* functions fixed. +(KSICAPI-545)* BUGFIX: Tests failing due to expired certificate fixed. +(KSICAPI-555)* BUGFIX: Test testUnimplementedHashAlgorithm fixed. +(KSICAPI-554)* BUGFIX: String comparison in test/include-test.sh fixed. +(KSICAPI-549)* BUGFIX: Potential memory leak in KSI_TreeLeafHandle_getAggregationChain fixed. +(KSICAPI-550)* BUGFIX: Possibly NULL passed to memcpy with byte count 0 in tlv.c fixed. +(KSICAPI-551)* BUGFIX: Unexpected behaviour fixed when dealing with SHA3-512 hash algorithm names. + Version 3.20 2019-10-07 release(3.20.3025) @@ -21,6 +33,7 @@ Version 3.19 2019-01-30 release(3.19.2919) * FEATURE: Added new async handle state KSI_ASYNC_STATE_ERROR_NOTICE for returning errors that whould be otherwise resolved internally (eg. in case of high availability where one of the configured endpoint encounter connection issues). +* FEATURE: Added new option KSI_ASYNC_OPT_HMAC_ALGORITHM for overriding default HMAC algorithm set via KSI_CTX options KSI_OPT_AGGR_HMAC_ALGORITHM or KSI_OPT_EXT_HMAC_ALGORITHM. * FEATURE: Added new option KSI_ASYNC_OPT_CONF_CONSOLIDATE_CALLBACK for overriding default consolidation handling. * FEATURE: Added async service option KSI_ASYNC_OPT_CONNECTION_STATE_CALLBACK for setting connection state listener. * FEATURE: Added prefix string format support to KSI_LOG_logBlob. Interface remains fully backwards compatible. diff --git a/configure.ac b/configure.ac index 7cf76f83..1c0975c4 100644 --- a/configure.ac +++ b/configure.ac 
@@ -23,7 +23,7 @@ AC_CONFIG_AUX_DIR(config) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([src/ksi/config.h]) AC_CANONICAL_TARGET - +AM_MAINTAINER_MODE # Before making a release, the LTVER string should be modified. The # string is of the form c:r:a. Follow these instructions sequentially: 
@@ -118,19 +118,47 @@ if test ! -z "$with_openssl" ; then LDFLAGS="-L$with_openssl/lib $LDFLAGS" fi +AC_CHECK_LIB([crypto], [SHA256_Init], [], [AC_MSG_FAILURE([Could not find OpenSSL 0.9.8+ libraries.])]) + +AC_MSG_CHECKING([if compile with SM3 hash algorithm]) + +AC_ARG_WITH(sm3-hash-algorithm, +[ --with-sm3-hash-algorithm build support for SM3 hash algorithm (default: no)], +:,[with_sm3_hash_algorithm="no"]) +AC_MSG_RESULT([$with_sm3_hash_algorithm]) + AC_ARG_WITH(hash-provider, [ --with-hash-provider= build using library for hash functions (default: openssl)], :, with_hash_provider=openssl) if test "x$with_hash_provider" = "xcommoncrypto" ; then AC_DEFINE_UNQUOTED(KSI_HASH_IMPL, KSI_IMPL_COMMONCRYPTO, [Use CommonCrypto.]) AC_CHECK_HEADER([CommonCrypto/CommonCrypto.h]) + if test "x$with_sm3_hash_algorithm" = "xyes" ; then + AC_MSG_ERROR([SM3 hash algorithm not supported by CommonCrypto.]) + fi + elif test "x$with_hash_provider" = "xopenssl" ; then + use_native_hmac="no" + AC_CHECK_FUNCS([HMAC_CTX_new], [use_native_hmac="yes"],[]) AC_DEFINE_UNQUOTED(KSI_HASH_IMPL, KSI_IMPL_OPENSSL, [Use OpenSSL.]) + AC_CHECK_FUNCS([EVP_sha3_256 EVP_sha3_384 EVP_sha3_512]) + + if test "x$with_sm3_hash_algorithm" = "xyes" ; then + AC_CHECK_FUNCS([EVP_sm3],[],[AC_MSG_ERROR([SM3 hash algorithm not supported by OpenSSL.])]) + fi + else AC_MSG_ERROR([*** Unknown hash provider.]) fi -AC_CHECK_LIB([crypto], [SHA256_Init], [], [AC_MSG_FAILURE([Could not find OpenSSL 0.9.8+ libraries.])]) +AC_MSG_CHECKING([Use native HMAC implementation]) +if test "x$use_native_hmac" = "xyes" ; then + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(KSI_NATIVE_HMAC, [1], [Use native HMAC implementation.]) +else + AC_MSG_RESULT([no]) +fi + AC_CHECK_LIB([curl], [curl_easy_init], [], [AC_MSG_FAILURE([Could nod find Curl libraries.])]) AC_ARG_WITH(cafile, 
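Review bot: `use_native_hmac` is assigned only inside the `openssl` branch, but it is tested after the `if`/`elif`/`else` for every provider, so with `--with-hash-provider=commoncrypto` its value is whatever the environment supplied. If it arrives as `yes`, KSI_NATIVE_HMAC is defined while hash_openssl.c is compiled out and hmac.c is wrapped in `#ifndef KSI_NATIVE_HMAC`, which would appear to leave no HMAC implementation in the build. Moving `use_native_hmac="no"` above the `if test "x$with_hash_provider" = ...` chain removes that dependency on the caller's environment.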
@@ -196,14 +224,6 @@ if test -z "$with_cafile" -a -z "$with_cadir"; then fi fi -# Reduce warnings generated by OpenSSL under OSX -case "${target_os}" in - darwin*) - CFLAGS="$CFLAGS -mmacosx-version-min=10.5" - LDFLAGS="$LDFLAGS -mmacosx-version-min=10.5" - ;; -esac - # To ensure compatibility with Microsoft compiler. CFLAGS+=" -Wdeclaration-after-statement" # Add more warnings. diff --git a/src/ksi/GNUmakefile.am b/src/ksi/GNUmakefile.am index ede2e469..44aa61ec 100644 --- a/src/ksi/GNUmakefile.am +++ b/src/ksi/GNUmakefile.am @@ -45,7 +45,6 @@ libksi_la_SOURCES = \ hash_openssl.c \ hash_commoncrypto.c \ hmac.h \ - impl/hmac_impl.h\ hmac.c \ http_parser.h \ http_parser.c \ diff --git a/src/ksi/fast_tlv.c b/src/ksi/fast_tlv.c index be9111e4..9e6826ce 100644 --- a/src/ksi/fast_tlv.c +++ b/src/ksi/fast_tlv.c @@ -115,15 +115,11 @@ int readData(void *fd, unsigned char *buf, size_t len, size_t *consumed, struct res = KSI_INVALID_FORMAT; goto cleanup; } - - res = parseHdr(buf, 4, t); - if (res != KSI_OK) goto cleanup; - - } else { - res = parseHdr(buf, 2, t); - if (res != KSI_OK) goto cleanup; } + res = parseHdr(buf, len, t); + if (res != KSI_OK) goto cleanup; + if (len < t->hdr_len + t->dat_len) { res = KSI_BUFFER_OVERFLOW; goto cleanup; @@ -174,14 +170,8 @@ int KSI_FTLV_memRead(const unsigned char *m, size_t l, KSI_FTLV *t) { /* Initialize offset. */ t->off = 0; - if (m[0] & KSI_TLV_MASK_TLV16) { - res = parseHdr(m, l, t); - if (res != KSI_OK) goto cleanup; - } else { res = parseHdr(m, l, t); if (res != KSI_OK) goto cleanup; - } - if (l < t->hdr_len + t->dat_len) { res = KSI_INVALID_FORMAT; goto cleanup; diff --git a/src/ksi/hash.c b/src/ksi/hash.c index b2fd469c..c757b89a 100644 --- a/src/ksi/hash.c +++ b/src/ksi/hash.c 
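Review bot: In readData, `parseHdr(buf, len, t)` now passes the caller's buffer capacity, where the removed calls passed the number of header bytes that had actually been read (2 or 4). If parseHdr treats its length argument as the bound on the header bytes it may touch, that bound no longer describes what is in the buffer, and correctness rests on the read-length checks earlier in the function, which start outside this hunk. A comment above the call such as `/* len is the buffer capacity; the 2- or 4-byte header has already been read and length-checked above. */` would record that dependency, assuming those checks do cover both header sizes.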
@@ -37,14 +37,14 @@ const int KSI_HASHALG_SHA3_244 = KSI_HASHALG_SHA3_224; /** Hash algorithm names. The last name has to be an empty string. */ static const char * const KSI_HASHALG_SHA1_names[] = {"SHA-1", "SHA1", ""}; static const char * const KSI_HASHALG_SHA2_256_names[] = {"SHA-256", "SHA2-256", "SHA-2", "SHA2", "SHA256", "DEFAULT", ""}; -static const char * const KSI_HASHALG_RIPEMD160_names[] = { "RIPEMD-160", "RIPEMD160", ""}; -static const char * const KSI_HASHALG_SHA2_384_names[] = { "SHA-384", "SHA384", "SHA2-384", ""}; -static const char * const KSI_HASHALG_SHA2_512_names[] = { "SHA-512", "SHA512", "SHA2-512", ""}; -static const char * const KSI_HASHALG_SHA3_224_names[] = { "SHA3-224", ""}; -static const char * const KSI_HASHALG_SHA3_256_names[] = { "SHA3-256", ""}; -static const char * const KSI_HASHALG_SHA3_384_names[] = { "SHA3-384", ""}; -static const char * const KSI_HASHALG_SHA3_512_names[] = { "SHA3-512"}; -static const char * const KSI_HASHALG_SM3_names[] = { "SM-3", "SM3", ""}; +static const char * const KSI_HASHALG_RIPEMD160_names[] = {"RIPEMD-160", "RIPEMD160", ""}; +static const char * const KSI_HASHALG_SHA2_384_names[] = {"SHA-384", "SHA384", "SHA2-384", ""}; +static const char * const KSI_HASHALG_SHA2_512_names[] = {"SHA-512", "SHA512", "SHA2-512", ""}; +static const char * const KSI_HASHALG_SHA3_224_names[] = {"SHA3-224", ""}; +static const char * const KSI_HASHALG_SHA3_256_names[] = {"SHA3-256", ""}; +static const char * const KSI_HASHALG_SHA3_384_names[] = {"SHA3-384", ""}; +static const char * const KSI_HASHALG_SHA3_512_names[] = {"SHA3-512", ""}; +static const char * const KSI_HASHALG_SM3_names[] = {"SM-3", "SM3", ""}; static const struct KSI_hashAlgorithmInfo_st { diff --git a/src/ksi/hash_commoncrypto.c b/src/ksi/hash_commoncrypto.c index 25617ff1..6c0ce8f6 100644 --- a/src/ksi/hash_commoncrypto.c +++ b/src/ksi/hash_commoncrypto.c 
@@ -16,15 +16,14 @@ * Guardtime, Inc., and no license to trademarks is granted; Guardtime * reserves and retains all trademark rights. */ +#include "internal.h" -#include "hash.h" +#if KSI_HASH_IMPL == KSI_IMPL_COMMONCRYPTO -#include "internal.h" +#include "hash.h" #include "impl/hash_impl.h" -#if KSI_HASH_IMPL == KSI_IMPL_COMMONCRYPTO - #include #define CC_SHA384_CTX CC_SHA512_CTX diff --git a/src/ksi/hash_openssl.c b/src/ksi/hash_openssl.c index 53aafd8a..74e59e25 100644 --- a/src/ksi/hash_openssl.c +++ b/src/ksi/hash_openssl.c @@ -16,21 +16,18 @@ * Guardtime, Inc., and no license to trademarks is granted; Guardtime * reserves and retains all trademark rights. */ +#include "internal.h" + #if KSI_HASH_IMPL == KSI_IMPL_OPENSSL #include -#include "internal.h" #include "impl/hash_impl.h" #include "hash.h" #include "openssl_compatibility.h" -/** - * Converts hash function ID from hash chain to OpenSSL identifier - */ -static const EVP_MD *hashAlgorithmToEVP(KSI_HashAlgorithm hash_id) -{ +static const EVP_MD *hashAlgorithmToEVP(KSI_HashAlgorithm hash_id) { switch (hash_id) { #ifndef OPENSSL_NO_SHA case KSI_HASHALG_SHA1: @@ -47,12 +44,29 @@ static const EVP_MD *hashAlgorithmToEVP(KSI_HashAlgorithm hash_id) return EVP_sha384(); case KSI_HASHALG_SHA2_512: return EVP_sha512(); +#endif +#ifdef HAVE_EVP_SHA3_256 + case KSI_HASHALG_SHA3_256: + return EVP_sha3_256(); +#endif +#ifdef HAVE_EVP_SHA3_384 + case KSI_HASHALG_SHA3_384: + return EVP_sha3_384(); +#endif +#ifdef HAVE_EVP_SHA3_512 + case KSI_HASHALG_SHA3_512: + return EVP_sha3_512(); +#endif +#ifdef HAVE_EVP_SM3 + case KSI_HASHALG_SM3: + return EVP_sm3(); #endif default: return NULL; } } + static int closeExisting(KSI_DataHasher *hasher, KSI_DataHash *data_hash) { int res = KSI_UNKNOWN_ERROR; size_t hash_length; 
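Review bot: hashAlgorithmToEVP gains cases for SHA3-256, SHA3-384, SHA3-512 and SM3 but none for KSI_HASHALG_SHA3_224, and configure.ac in this commit probes only `EVP_sha3_256 EVP_sha3_384 EVP_sha3_512`, so SHA3-224 still falls through to `default: return NULL;`. If that omission is intentional it should be stated in the function's header comment, which this hunk deletes; I would keep one, for example `/** Maps a KSI hash algorithm id to the OpenSSL EVP_MD, or NULL when the algorithm is not compiled in. */`. The NULL return matters more now, because the native HMAC code added later in this file passes the result directly to HMAC_Init_ex.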
@@ -219,4 +233,230 @@ int KSI_DataHasher_open(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, KSI_DataHasher return res; } +#ifdef KSI_NATIVE_HMAC + +#include +#include + +#include "hmac.h" + +/** +* The maximum block size of an algorithm. +*/ +#define MAX_BUF_LEN 256 + +struct KSI_HmacHasher_st { + /** KSI context. */ + KSI_CTX *ctx; + + /** OpenSSL HMAC context. */ + HMAC_CTX *openssl_ctx; + + /** Hash algorithm id for reset. */ + KSI_HashAlgorithm hash_id; + + /** HMAC key for reset. */ + char *key; +}; + +int KSI_HMAC_create(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, const char *key, const unsigned char *data, size_t data_len, KSI_DataHash **hmac) { + int res = KSI_UNKNOWN_ERROR; + KSI_HmacHasher *hasher = NULL; + KSI_DataHash *tmp_hmac = NULL; + + KSI_ERR_clearErrors(ctx); + if (ctx == NULL || hmac == NULL) { + KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); + goto cleanup; + } + + res = KSI_HmacHasher_open(ctx, algo_id, key, &hasher); + if (res != KSI_OK) { + KSI_pushError(ctx, res, NULL); + goto cleanup; + } + + res = KSI_HmacHasher_add(hasher, data, data_len); + if (res != KSI_OK) { + KSI_pushError(ctx, res, NULL); + goto cleanup; + } + + res = KSI_HmacHasher_close(hasher, &tmp_hmac); + if (res != KSI_OK) { + KSI_pushError(ctx, res, NULL); + goto cleanup; + } + + *hmac = tmp_hmac; + tmp_hmac = NULL; + res = KSI_OK; + +cleanup: + + KSI_DataHash_free(tmp_hmac); + KSI_HmacHasher_free(hasher); + + return res; +} + +int KSI_HmacHasher_open(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, const char *key, KSI_HmacHasher **hasher) { + int res = KSI_UNKNOWN_ERROR; + KSI_HmacHasher *tmp_hasher = NULL; + + unsigned int key_len = 0; + + KSI_ERR_clearErrors(ctx); + if (ctx == NULL || key == NULL || hasher == NULL) { + KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); + goto cleanup; + } + + key_len = strlen(key); + if (key_len == 0 || key_len > 0xffff) { + KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Invalid key length."); + goto cleanup; + } + + tmp_hasher = 
KSI_new(KSI_HmacHasher); + if (tmp_hasher == NULL) { + KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL); + goto cleanup; + } + + memset(tmp_hasher, 0, sizeof(KSI_HmacHasher)); + tmp_hasher->ctx = ctx; + tmp_hasher->openssl_ctx = NULL; + tmp_hasher->key = NULL; + + tmp_hasher->openssl_ctx = HMAC_CTX_new(); + if (tmp_hasher->openssl_ctx == NULL) { + KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, "Unable to create HMAC context."); + goto cleanup; + } + + res = KSI_strdup(key, &tmp_hasher->key); + if (res != KSI_OK) { + KSI_pushError(ctx, res, NULL); + goto cleanup; + } + + tmp_hasher->hash_id = algo_id; + if (!KSI_isHashAlgorithmSupported(algo_id)) { + KSI_pushError(ctx, res = KSI_UNKNOWN_HASH_ALGORITHM_ID, "Unsupported hash algorithm"); + goto cleanup; + } + + res = KSI_HmacHasher_reset(tmp_hasher); + if (res != KSI_OK) { + KSI_pushError(ctx, res, NULL); + goto cleanup; + } + + *hasher = tmp_hasher; + tmp_hasher = NULL; + res = KSI_OK; + +cleanup: + + KSI_HmacHasher_free(tmp_hasher); + + return res; +} + +int KSI_HmacHasher_reset(KSI_HmacHasher *hasher) { + int res = KSI_UNKNOWN_ERROR; + + if (hasher == NULL) { + res = KSI_INVALID_ARGUMENT; + goto cleanup; + } + KSI_ERR_clearErrors(hasher->ctx); + + if (!HMAC_CTX_reset(hasher->openssl_ctx)) { + KSI_pushError(hasher->ctx, res = KSI_UNKNOWN_ERROR, "Unable to reset OpenSSL HMAC"); + goto cleanup; + } + + if(!HMAC_Init_ex(hasher->openssl_ctx, hasher->key, strlen(hasher->key), hashAlgorithmToEVP(hasher->hash_id), NULL)) { + KSI_pushError(hasher->ctx, res = KSI_UNKNOWN_ERROR, "Unable to init OpenSSL HMAC"); + goto cleanup; + } + + res = KSI_OK; + +cleanup: + + return res; +} + +int KSI_HmacHasher_add(KSI_HmacHasher *hasher, const void *data, size_t data_length) { + int res = KSI_UNKNOWN_ERROR; + + if (hasher == NULL || data == NULL) { + res = KSI_INVALID_ARGUMENT; + goto cleanup; + } + KSI_ERR_clearErrors(hasher->ctx); + + if (!HMAC_Update(hasher->openssl_ctx, data, data_length)) { + KSI_pushError(hasher->ctx, res = 
KSI_UNKNOWN_ERROR, "Unable to update OpenSSL HMAC"); + goto cleanup; + } + + res = KSI_OK; + +cleanup: + + return res; +} + +int KSI_HmacHasher_close(KSI_HmacHasher *hasher, KSI_DataHash **hmac) { + int res = KSI_UNKNOWN_ERROR; + KSI_DataHash *tmp = NULL; + + unsigned char digest[64]; + unsigned int digest_len = 0; + + if (hasher == NULL || hmac == NULL) { + res = KSI_INVALID_ARGUMENT; + goto cleanup; + } + KSI_ERR_clearErrors(hasher->ctx); + + + if (!HMAC_Final(hasher->openssl_ctx, digest, &digest_len)) { + KSI_pushError(hasher->ctx, res = KSI_UNKNOWN_ERROR, "Unable to finalize OpenSSL HMAC"); + goto cleanup; + } + + res = KSI_DataHash_fromDigest(hasher->ctx, hasher->hash_id, digest, digest_len, &tmp); + if (res != KSI_OK) { + KSI_pushError(hasher->ctx, res, NULL); + goto cleanup; + } + + + *hmac = KSI_DataHash_ref(tmp); + + res = KSI_OK; + +cleanup: + + KSI_DataHash_free(tmp); + + return res; +} + +void KSI_HmacHasher_free(KSI_HmacHasher *hasher) { + if (hasher != NULL) { + if (hasher->openssl_ctx != NULL) HMAC_CTX_free(hasher->openssl_ctx); + if (hasher->key != NULL) KSI_free(hasher->key); + KSI_free(hasher); + } +} + + +#endif + #endif diff --git a/src/ksi/hmac.c b/src/ksi/hmac.c index f52f6729..d0a139aa 100644 --- a/src/ksi/hmac.c +++ b/src/ksi/hmac.c 
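Review bot: KSI_HmacHasher_free releases the duplicated HMAC key with `KSI_free(hasher->key)` without wiping it, so the secret remains in freed heap memory until the allocator reuses the block. Clearing it first with `OPENSSL_cleanse(hasher->key, strlen(hasher->key));` ahead of the KSI_free call closes that window, and this file already depends on OpenSSL. In KSI_HmacHasher_close, `unsigned char digest[64];` is better written as `unsigned char digest[EVP_MAX_MD_SIZE];`, since HMAC_Final takes no buffer size and the array must track OpenSSL's own maximum. MAX_BUF_LEN is defined in this block but not used by any of the lines shown.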
@@ -16,12 +16,35 @@ * Guardtime, Inc., and no license to trademarks is granted; Guardtime * reserves and retains all trademark rights. */ +#include "internal.h" + +#ifndef KSI_NATIVE_HMAC #include -#include "internal.h" #include "hmac.h" -#include "impl/hmac_impl.h" + +/** +* The maximum block size of an algorithm. +*/ +#define MAX_BUF_LEN 256 + +struct KSI_HmacHasher_st { + /** KSI context. */ + KSI_CTX *ctx; + + /** Data hasher. */ + KSI_DataHasher *dataHasher; + + /** Inner buffer for XOR-ed key, padded with zeros. */ + unsigned char ipadXORkey[MAX_BUF_LEN]; + + /** Outer buffer for XOR-ed key, padded with zeros. */ + unsigned char opadXORkey[MAX_BUF_LEN]; + + /** Block size of algorithm. */ + unsigned blockSize; +}; int KSI_HMAC_create(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, const char *key, const unsigned char *data, size_t data_len, KSI_DataHash **hmac) { int res = KSI_UNKNOWN_ERROR; @@ -198,7 +221,6 @@ int KSI_HmacHasher_reset(KSI_HmacHasher *hasher) { } /* Hash inner data. */ - KSI_LOG_logBlob(hasher->ctx, KSI_LOG_DEBUG, "Adding ipad", hasher->ipadXORkey, hasher->blockSize); res = KSI_DataHasher_add(hasher->dataHasher, hasher->ipadXORkey, hasher->blockSize); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); @@ -248,8 +270,6 @@ int KSI_HmacHasher_close(KSI_HmacHasher *hasher, KSI_DataHash **hmac) { } KSI_ERR_clearErrors(hasher->ctx); - KSI_LOG_debug(hasher->ctx, "Closing inner hasher."); - res = KSI_DataHasher_close(hasher->dataHasher, &innerHash); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); @@ -263,7 +283,6 @@ int KSI_HmacHasher_close(KSI_HmacHasher *hasher, KSI_DataHash **hmac) { goto cleanup; } - KSI_LOG_logBlob(hasher->ctx, KSI_LOG_DEBUG, "Adding opad", hasher->opadXORkey, hasher->blockSize); res = KSI_DataHasher_add(hasher->dataHasher, hasher->opadXORkey, hasher->blockSize); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); 
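Review bot: MAX_BUF_LEN changes from 128 in the deleted impl/hmac_impl.h to 256 here, under the same comment and with no stated reason. ipadXORkey and opadXORkey are sized by it, so it has to be at least the block size of every algorithm the hasher can be opened with; presumably the SHA-3 additions prompted the increase, since SHA3-224 has a 144-byte block. I would put that in the comment, e.g. `/** Upper bound on the hash block size; must cover every supported algorithm (SHA3-224 uses 144 bytes). */`, and confirm that the open path rejects a block size larger than MAX_BUF_LEN, which is outside this hunk.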
@@ -276,15 +295,12 @@ int KSI_HmacHasher_close(KSI_HmacHasher *hasher, KSI_DataHash **hmac) { goto cleanup; } - KSI_LOG_logBlob(hasher->ctx, KSI_LOG_DEBUG, "Adding inner hash", digest, digest_len); res = KSI_DataHasher_add(hasher->dataHasher, digest, digest_len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } - KSI_LOG_debug(hasher->ctx, "Closing outer hasher."); - res = KSI_DataHasher_close(hasher->dataHasher, &outerHash); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); @@ -309,3 +325,5 @@ void KSI_HmacHasher_free(KSI_HmacHasher *hasher) { KSI_free(hasher); } } + +#endif diff --git a/src/ksi/impl/hmac_impl.h b/src/ksi/impl/hmac_impl.h deleted file mode 100644 index c6bc414a..00000000 --- a/src/ksi/impl/hmac_impl.h +++ /dev/null 
@@ -1,55 +0,0 @@
-/*
- * Copyright 2013-2015 Guardtime, Inc.
- *
- * This file is part of the Guardtime client SDK.
- *
- * Licensed under the Apache License, Version 2.0 (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES, CONDITIONS, OR OTHER LICENSES OF ANY KIND, either
- * express or implied. See the License for the specific language governing
- * permissions and limitations under the License.
- * "Guardtime" and "KSI" are trademarks or registered trademarks of
- * Guardtime, Inc., and no license to trademarks is granted; Guardtime
- * reserves and retains all trademark rights.
- */
-
-#ifndef HMAC_IMPL_H_
-#define HMAC_IMPL_H_
-
-#include "../hash.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
- /**
- * The maximum block size of an algorithm.
- */
- #define MAX_BUF_LEN 128
-
- struct KSI_HmacHasher_st {
- /** KSI context. */
- KSI_CTX *ctx;
-
- /** Data hasher. */
- KSI_DataHasher *dataHasher;
-
- /** Inner buffer for XOR-ed key, padded with zeros. */
- unsigned char ipadXORkey[MAX_BUF_LEN];
-
- /** Outer buffer for XOR-ed key, padded with zeros. */
- unsigned char opadXORkey[MAX_BUF_LEN];
-
- /** Block size of algorithm. */
- unsigned blockSize;
- };
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HMAC_IMPL_H_ */
diff --git a/src/ksi/libksiapi.def b/src/ksi/libksiapi.def
index 47ccd106..2fe47d32 100644
--- a/src/ksi/libksiapi.def
+++ b/src/ksi/libksiapi.def
@@ -564,6 +564,7 @@ EXPORTS
 KSI_MetaData_setMachineId
 KSI_MetaData_setSequenceNr
 KSI_MetaData_setRequestTimeInMicros
+ KSI_Pdu_verifyHmac
 KSI_ExtendPdu_free
 KSI_ExtendPdu_new
 KSI_ExtendPdu_verify
diff --git a/src/ksi/net_async.c b/src/ksi/net_async.c
index 20c0813b..c476c8f7 100644
--- a/src/ksi/net_async.c
+++ b/src/ksi/net_async.c @@ -665,6 +665,7 @@ static int asyncClient_composeRequestHeader(KSI_AsyncClient *c, KSI_Header **hdr static int addRequest(KSI_AsyncClient *c, KSI_AsyncHandle *handle, void *req, bool hasRequest, bool hasConfig, + KSI_HashAlgorithm defaultHmacAlg, int (*req_new)(KSI_CTX *ctx, void **req), void (*req_free)(void *req), int (*req_getRequestId)(const void *req, KSI_Integer **requestId), @@ -673,6 +674,9 @@ static int addRequest(KSI_AsyncClient *c, KSI_AsyncHandle *handle, void *req, int (*req_setConfig)(void *req, KSI_Config *config), void* (*req_ref)(void *req), int (*req_encloseWithHeader)(void *req, KSI_Header *hdr, const char *key, void **pdu), + int (*pdu_getHmac)(const void *pdu, KSI_DataHash **hmac), + int (*pdu_setHmac)(void *pdu, KSI_DataHash *hmac), + int (*pdu_updateHmac)(void *pdu, KSI_HashAlgorithm algo_id, const char *key), int (*pdu_serialize)(const void *pdu, unsigned char **raw, size_t *len), void (*pdu_free)(void *pdu), int (*asyncHandle_new)(KSI_CTX *ctx, void *req, KSI_AsyncHandle **handle)) { @@ -690,6 +694,8 @@ static int addRequest(KSI_AsyncClient *c, KSI_AsyncHandle *handle, void *req, KSI_Header *hdr = NULL; KSI_AsyncHandle *confHandle = NULL; void *tmpReq = NULL; + KSI_HashAlgorithm clientHmacAlg = KSI_HASHALG_INVALID; + KSI_DataHash *hmac = NULL; if (c == NULL || handle == NULL || req == NULL) { res = KSI_INVALID_ARGUMENT; 
@@ -752,6 +758,28 @@ static int addRequest(KSI_AsyncClient *c, KSI_AsyncHandle *handle, void *req, goto cleanup; } hdr = NULL; + /* Update HMAC if a different algorithm is configured. */ + clientHmacAlg = (KSI_HashAlgorithm)c->options[KSI_ASYNC_OPT_HMAC_ALGORITHM]; + if (clientHmacAlg != KSI_HASHALG_INVALID && clientHmacAlg != defaultHmacAlg) { + res = pdu_getHmac(pdu, &hmac); + if (res != KSI_OK) goto cleanup; + KSI_DataHash_free(hmac); + hmac = NULL; + res = pdu_setHmac(pdu, NULL); + if (res != KSI_OK) goto cleanup; + + /* Create and append initial empty HMAC. */ + res = KSI_DataHash_createZero(c->ctx, clientHmacAlg, &hmac); + if (res != KSI_OK) goto cleanup; + + res = pdu_setHmac(pdu, hmac); + if (res != KSI_OK) goto cleanup; + hmac = NULL; + + /* Calculate the HMAC using the provided key and the default hash algorithm. */ + res = pdu_updateHmac(pdu, clientHmacAlg, pass); + if (res != KSI_OK) goto cleanup; + } res = pdu_serialize(pdu, &raw, &len); if (res != KSI_OK) goto cleanup; @@ -821,6 +849,7 @@ static int addRequest(KSI_AsyncClient *c, KSI_AsyncHandle *handle, void *req, KSI_free(raw); KSI_Integer_free(reqId); pdu_free(pdu); + KSI_DataHash_free(hmac); return res; } @@ -842,6 +871,7 @@ static int asyncClient_addAggregatorRequest(KSI_AsyncClient *c, KSI_AsyncHandle if (res != KSI_OK) goto cleanup; res = addRequest(c, handle, handle->aggrReq, (reqHash != NULL), (reqConfig != NULL), + (KSI_HashAlgorithm)c->ctx->options[KSI_OPT_AGGR_HMAC_ALGORITHM], (int (*)(KSI_CTX *ctx, void **req))KSI_AggregationReq_new, (void (*)(void *req))KSI_AggregationReq_free, (int (*)(const void *req, KSI_Integer **requestId))KSI_AggregationReq_getRequestId, 
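Review bot: The comment `/* Calculate the HMAC using the provided key and the default hash algorithm. */` contradicts the call beneath it, `pdu_updateHmac(pdu, clientHmacAlg, pass)`, which is reached only when clientHmacAlg differs from defaultHmacAlg. It should read something like `/* Recalculate the HMAC with the provided key and the per-client override algorithm. */`. The block also depends on pdu_getHmac returning a pointer the caller may free and on pdu_setHmac not releasing the previous value; if either assumption is wrong, the `KSI_DataHash_free(hmac)` followed by `pdu_setHmac(pdu, NULL)` sequence double-frees or leaks, so a one-line comment stating the ownership rule would help the next reader. addRequest begins and ends outside this hunk.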
@@ -850,6 +880,9 @@ static int asyncClient_addAggregatorRequest(KSI_AsyncClient *c, KSI_AsyncHandle (int (*)(void *req, KSI_Config *config))KSI_AggregationReq_setConfig, (void* (*)(void *req))KSI_AggregationReq_ref, (int (*)(void *req, KSI_Header *hdr, const char *key, void **pdu))KSI_AggregationReq_encloseWithHeader, + (int (*)(const void *pdu, KSI_DataHash **hmac))KSI_AggregationPdu_getHmac, + (int (*)(void *pdu, KSI_DataHash *hmac))KSI_AggregationPdu_setHmac, + (int (*)(void *pdu, KSI_HashAlgorithm algo_id, const char *key))KSI_AggregationPdu_updateHmac, (int (*)(const void *pdu, unsigned char **raw, size_t *len))KSI_AggregationPdu_serialize, (void (*)(void *pdu))KSI_AggregationPdu_free, (int (*)(KSI_CTX *ctx, void *req, KSI_AsyncHandle **handle))KSI_AsyncAggregationHandle_new); @@ -877,6 +910,7 @@ static int asyncClient_addExtenderRequest(KSI_AsyncClient *c, KSI_AsyncHandle *h if (res != KSI_OK) goto cleanup; res = addRequest(c, handle, handle->extReq, (reqAggrTime != NULL), (reqConfig != NULL), + (KSI_HashAlgorithm)c->ctx->options[KSI_OPT_EXT_HMAC_ALGORITHM], (int (*)(KSI_CTX *ctx, void **req))KSI_ExtendReq_new, (void (*)(void *req))KSI_ExtendReq_free, (int (*)(const void *req, KSI_Integer **requestId))KSI_ExtendReq_getRequestId, 
@@ -885,6 +919,9 @@ static int asyncClient_addExtenderRequest(KSI_AsyncClient *c, KSI_AsyncHandle *h (int (*)(void *req, KSI_Config *config))KSI_ExtendReq_setConfig, (void* (*)(void *req))KSI_ExtendReq_ref, (int (*)(void *req, KSI_Header *hdr, const char *key, void **pdu))KSI_ExtendReq_encloseWithHeader, + (int (*)(const void *pdu, KSI_DataHash **hmac))KSI_ExtendPdu_getHmac, + (int (*)(void *pdu, KSI_DataHash *hmac))KSI_ExtendPdu_setHmac, + (int (*)(void *pdu, KSI_HashAlgorithm algo_id, const char *key))KSI_ExtendPdu_updateHmac, (int (*)(const void *pdu, unsigned char **raw, size_t *len))KSI_ExtendPdu_serialize, (void (*)(void *pdu))KSI_ExtendPdu_free, (int (*)(KSI_CTX *ctx, void *req, KSI_AsyncHandle **handle))KSI_AsyncExtendHandle_new); @@ -1141,11 +1178,14 @@ static int asyncClient_handleServerConfig(KSI_AsyncClient *c, KSI_Config *config } static int processResponseQueue(KSI_AsyncClient *c, + KSI_HashAlgorithm defaultHmacAlg, int (*pdu_parse)(KSI_CTX *ctx, const unsigned char *raw, size_t len, void **t), + int (*pdu_getHeader)(const void *pdu, KSI_Header **header), + int (*pdu_getHmac)(const void *pdu, KSI_DataHash **hmac), void (*pdu_free)(void *pdu), int (*pdu_getError)(const void *pdu, KSI_ErrorPdu **error), int (*pdu_setError)(void *pdu, KSI_ErrorPdu *error), - int (*pdu_verify)(const void *pdu, const char *pass), + int (*pdu_calculateHmac)(const void*, int, const char*, KSI_DataHash**), int (*pdu_getConfResponse)(const void *pdu, KSI_Config **confResponse), int (*convertStatusCode)(const KSI_Integer *statusCode), int (*asyncClient_handleResponse)(KSI_AsyncClient *c, void *pdu), @@ -1189,6 +1229,9 @@ static int processResponseQueue(KSI_AsyncClient *c, const char *pass = NULL; const unsigned char *raw = NULL; size_t len = 0; + KSI_HashAlgorithm clientHmacAlg = (KSI_HashAlgorithm)c->options[KSI_ASYNC_OPT_HMAC_ALGORITHM]; + KSI_Header *header = NULL; + KSI_DataHash *hmac = NULL; res = KSI_OctetString_extract(resp, &raw, &len); if (res != KSI_OK) { 
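Review bot: The new `pdu_calculateHmac` parameter of processResponseQueue is declared as `int (*)(const void*, int, const char*, KSI_DataHash**)`, typing the algorithm as `int`, while `pdu_updateHmac` in addRequest types the same argument as KSI_HashAlgorithm. Both callers cast the PDU-specific functions to this pointer type (hunks `@@ -1287` and `@@ -1302`), so if those functions take KSI_HashAlgorithm the call goes through a pointer whose type differs from the callee's, and whether an enum is compatible with `int` is implementation-defined. Unless KSI_Pdu_verifyHmac's prototype, which is not shown here, requires the `int` form, I would declare it `int (*pdu_calculateHmac)(const void *pdu, KSI_HashAlgorithm algo_id, const char *key, KSI_DataHash **hmac)` and name the parameters like the neighbouring pointers do.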
@@ -1231,7 +1274,30 @@ static int processResponseQueue(KSI_AsyncClient *c, goto cleanup; } - res = pdu_verify(pdu, pass); + /* Verify PDU consistency. */ + res = pdu_getHeader(pdu, &header); + if (res != KSI_OK) { + KSI_pushError(c->ctx, res, NULL); + goto cleanup; + } + if (header == NULL){ + KSI_pushError(c->ctx, res = KSI_INVALID_FORMAT, "A successful Extend response must have a Header."); + goto cleanup; + } + + res = pdu_getHmac(pdu, &hmac); + if (res != KSI_OK) { + KSI_pushError(c->ctx, res, NULL); + goto cleanup; + } + if (hmac == NULL){ + KSI_pushError(c->ctx, res = KSI_INVALID_FORMAT, "A successful Extend response must have a HMAC."); + goto cleanup; + } + + res = KSI_Pdu_verifyHmac(c->ctx, hmac, pass, + (clientHmacAlg != KSI_HASHALG_INVALID ? clientHmacAlg : defaultHmacAlg), + pdu_calculateHmac, pdu); if (res != KSI_OK) { KSI_pushError(c->ctx, res, NULL); goto cleanup; @@ -1287,11 +1353,14 @@ static int processResponseQueue(KSI_AsyncClient *c, static int asyncClient_processAggregationResponseQueue(KSI_AsyncClient *c) { return processResponseQueue(c, + (KSI_HashAlgorithm)c->ctx->options[KSI_OPT_AGGR_HMAC_ALGORITHM], (int (*)(KSI_CTX *, const unsigned char *, size_t, void **))KSI_AggregationPdu_parse, + (int (*)(const void *pdu, KSI_Header **header))KSI_AggregationPdu_getHeader, + (int (*)(const void *pdu, KSI_DataHash **hmac))KSI_AggregationPdu_getHmac, (void (*)(void *))KSI_AggregationPdu_free, (int (*)(const void *, KSI_ErrorPdu **))KSI_AggregationPdu_getError, (int (*)(void *, KSI_ErrorPdu *))KSI_AggregationPdu_setError, - (int (*)(const void *, const char *))KSI_AggregationPdu_verify, + (int (*)(const void*, int, const char*, KSI_DataHash**))KSI_AggregationPdu_calculateHmac, (int (*)(const void *, KSI_Config **))KSI_AggregationPdu_getConfResponse, (int (*)(const KSI_Integer *))KSI_convertAggregatorStatusCode, (int (*)(KSI_AsyncClient *, void *))asyncClient_handleAggregationResp, 
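Review bot: Both new error strings name the extender, "A successful Extend response must have a Header." and "A successful Extend response must have a HMAC.", but processResponseQueue is the shared path and asyncClient_processAggregationResponseQueue calls it as well, so an aggregator response missing its HMAC is logged as an Extend failure. Neutral wording such as `"A successful response must have a Header."` and `"A successful response must have an HMAC."` keeps whoever triages an authentication failure from looking at the wrong service. `header` is fetched and NULL-checked here but not otherwise used within this hunk; if that is only a presence check, a short comment saying so would be useful.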
@@ -1302,11 +1371,14 @@ static int asyncClient_processAggregationResponseQueue(KSI_AsyncClient *c) { static int asyncClient_processExtenderResponseQueue(KSI_AsyncClient *c) { return processResponseQueue(c, + (KSI_HashAlgorithm)c->ctx->options[KSI_OPT_EXT_HMAC_ALGORITHM], (int (*)(KSI_CTX *, const unsigned char *, size_t, void **))KSI_ExtendPdu_parse, + (int (*)(const void *pdu, KSI_Header **header))KSI_ExtendPdu_getHeader, + (int (*)(const void *pdu, KSI_DataHash **hmac))KSI_ExtendPdu_getHmac, (void (*)(void *))KSI_ExtendPdu_free, (int (*)(const void *, KSI_ErrorPdu **))KSI_ExtendPdu_getError, (int (*)(void *, KSI_ErrorPdu *))KSI_ExtendPdu_setError, - (int (*)(const void *, const char *))KSI_ExtendPdu_verify, + (int (*)(const void*, int, const char*, KSI_DataHash**))KSI_ExtendPdu_calculateHmac, (int (*)(const void *, KSI_Config **))KSI_ExtendPdu_getConfResponse, (int (*)(const KSI_Integer *))KSI_convertExtenderStatusCode, (int (*)(KSI_AsyncClient *, void *))asyncClient_handleExtendResp, @@ -1532,6 +1604,7 @@ static int asyncClient_setOption(KSI_AsyncClient *c, const int opt, void *param) case KSI_ASYNC_OPT_SND_TIMEOUT: case KSI_ASYNC_OPT_MAX_REQUEST_COUNT: case KSI_ASYNC_OPT_CALLBACK_USERDATA: + case KSI_ASYNC_OPT_HMAC_ALGORITHM: c->options[opt] = (size_t)param; break; @@ -1577,6 +1650,7 @@ static int asyncClient_getOption(KSI_AsyncClient *c, const int opt, void *param) case KSI_ASYNC_OPT_SND_TIMEOUT: case KSI_ASYNC_OPT_MAX_REQUEST_COUNT: case KSI_ASYNC_OPT_CALLBACK_USERDATA: + case KSI_ASYNC_OPT_HMAC_ALGORITHM: *(size_t*)param = c->options[opt]; break; case KSI_ASYNC_OPT_PUSH_CONF_CALLBACK: 
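Review bot: KSI_ASYNC_OPT_HMAC_ALGORITHM is added to the generic `c->options[opt] = (size_t)param;` branch of asyncClient_setOption, so any integer is accepted and a bad value surfaces only later, when addRequest or processResponseQueue casts it back to KSI_HashAlgorithm. Because this option selects the algorithm that authenticates requests and responses, I would give it its own case that accepts KSI_HASHALG_INVALID (the "not set" default installed by asyncClient_setDefaultOptions) or a value for which `KSI_isHashAlgorithmSupported()` returns true, and rejects anything else with KSI_INVALID_ARGUMENT. The function body starts outside this hunk, so the rejection should follow whatever error path the other options there use.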
@@ -1617,6 +1691,7 @@ static int asyncClient_setDefaultOptions(KSI_AsyncClient *c) { if ((res = asyncClient_setOption(c, KSI_ASYNC_OPT_PUSH_CONF_CALLBACK, (void *)NULL)) != KSI_OK) goto cleanup; if ((res = asyncClient_setOption(c, KSI_ASYNC_OPT_CONNECTION_STATE_CALLBACK, (void *)NULL)) != KSI_OK) goto cleanup; if ((res = asyncClient_setOption(c, KSI_ASYNC_OPT_CALLBACK_USERDATA, (void *)NULL)) != KSI_OK) goto cleanup; + if ((res = asyncClient_setOption(c, KSI_ASYNC_OPT_HMAC_ALGORITHM, (void *)KSI_HASHALG_INVALID)) != KSI_OK) goto cleanup; /* Private options. */ if ((res = asyncClient_setOption(c, KSI_ASYNC_PRIVOPT_ROUND_DURATION, (void *)KSI_ASYNC_ROUND_DURATION_SEC)) != KSI_OK) goto cleanup; if ((res = asyncClient_setOption(c, KSI_ASYNC_PRIVOPT_INVOKE_CONF_RECEIVED_CALLBACK, (void *)true)) != KSI_OK) goto cleanup; diff --git a/src/ksi/net_async.h b/src/ksi/net_async.h index d89b7c6b..5aa3016c 100644 --- a/src/ksi/net_async.h +++ b/src/ksi/net_async.h @@ -563,6 +563,14 @@ extern "C" { */ KSI_ASYNC_OPT_CALLBACK_USERDATA, + /** + * HMAC algorithm to be used for securing transactions. In not set, the #KSI_CTX default HMAC algorithm is used. + * \param algorithm Paramer of type #KSI_HashAlgorithm. + * \note In case of a high availability #KSI_AsyncService the option is applied to the latest configured + * endpoint. For reading HA sub-service configured HMAC algorithms use #KSI_ASYNC_OPT_HA_SUBSERVICE_LIST first. + */ + KSI_ASYNC_OPT_HMAC_ALGORITHM, + __KSI_ASYNC_OPT_COUNT } KSI_AsyncOption; diff --git a/src/ksi/net_ha.c b/src/ksi/net_ha.c index 45513d2f..72f3bbf3 100644 --- a/src/ksi/net_ha.c +++ b/src/ksi/net_ha.c 
@@ -1155,6 +1155,28 @@ static int KSI_HighAvailabilityService_setOption(KSI_HighAvailabilityService *ha res = KSI_INVALID_ARGUMENT; goto cleanup; + case KSI_ASYNC_OPT_HMAC_ALGORITHM: { + KSI_AsyncService *ss = NULL; + size_t nofss = KSI_AsyncServiceList_length(has->services); + + if (nofss == 0) { + res = KSI_INVALID_STATE; + goto cleanup; + } + res = KSI_AsyncServiceList_elementAt(has->services, nofss - 1, &ss); + if (res != KSI_OK) { + KSI_pushError(has->ctx, res, NULL); + goto cleanup; + } + + res = KSI_AsyncService_setOption(ss, option, value); + if (res != KSI_OK) { + KSI_pushError(has->ctx, res, NULL); + goto cleanup; + } + } + break; + /* All other options route to the subservices. */ default: for (i = 0; i < KSI_AsyncServiceList_length(has->services); i++) { @@ -1209,6 +1231,10 @@ static int KSI_HighAvailabilityService_getOption(const KSI_HighAvailabilityServi tmp = (size_t)has->services; break; + case KSI_ASYNC_OPT_HMAC_ALGORITHM: + res = KSI_INVALID_STATE; + goto cleanup; + default: for (i = 0; i < KSI_AsyncServiceList_length(has->services); i++) { KSI_AsyncService *as = NULL; diff --git a/src/ksi/pkitruststore_openssl.c b/src/ksi/pkitruststore_openssl.c index 08dd38a9..056bc462 100644 --- a/src/ksi/pkitruststore_openssl.c +++ b/src/ksi/pkitruststore_openssl.c 
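Review bot: In the new KSI_ASYNC_OPT_HMAC_ALGORITHM case of KSI_HighAvailabilityService_setOption, the `nofss == 0` path sets `res = KSI_INVALID_STATE` and jumps to cleanup without recording an error, unlike the two failure paths directly below it, which call KSI_pushError. Using `KSI_pushError(has->ctx, res = KSI_INVALID_STATE, "No sub-service configured to apply the HMAC algorithm to.");` would keep the error stack consistent; the matching getOption case returns KSI_INVALID_STATE silently in the same way. Applying the option only to the last element of `has->services` makes the result depend on the order of calls, which net_async.h documents, but a short comment at this case repeating that rule would spare readers the lookup.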
@@ -86,25 +86,24 @@ static void openSslGlobal_cleanup(void) { } } - static int KSI_MD2hashAlg(EVP_MD *hash_alg) { - if (hash_alg == EVP_sha256()) - return KSI_HASHALG_SHA2_256; -#ifndef OPENSSL_NO_SHA - if (hash_alg == EVP_sha1()) - return KSI_HASHALG_SHA1; -#endif -#ifndef OPENSSL_NO_RIPEMD - if (hash_alg == EVP_ripemd160()) - return KSI_HASHALG_RIPEMD160; -#endif -#ifndef OPENSSL_NO_SHA512 - if (hash_alg == EVP_sha384()) - return KSI_HASHALG_SHA2_384; - if (hash_alg == EVP_sha512()) - return KSI_HASHALG_SHA2_512; -#endif - return -1; + if (hash_alg == EVP_sha256()) + return KSI_HASHALG_SHA2_256; + #ifndef OPENSSL_NO_SHA + if (hash_alg == EVP_sha1()) + return KSI_HASHALG_SHA1; + #endif + #ifndef OPENSSL_NO_RIPEMD + if (hash_alg == EVP_ripemd160()) + return KSI_HASHALG_RIPEMD160; + #endif + #ifndef OPENSSL_NO_SHA512 + if (hash_alg == EVP_sha384()) + return KSI_HASHALG_SHA2_384; + if (hash_alg == EVP_sha512()) + return KSI_HASHALG_SHA2_512; + #endif + return -1; } void KSI_PKITruststore_free(KSI_PKITruststore *trust) { diff --git a/src/ksi/policy.c b/src/ksi/policy.c index 93220e2e..86576288 100644 --- a/src/ksi/policy.c +++ b/src/ksi/policy.c @@ -935,8 +935,6 @@ int KSI_VerificationContext_init(KSI_VerificationContext *context, KSI_CTX *ctx) goto cleanup; } - context->ctx = NULL; - context->signature = NULL; context->extendingAllowed = 0; context->docAggrLevel = 0; context->documentHash = NULL; diff --git a/src/ksi/signature_builder.c b/src/ksi/signature_builder.c index b609cf57..9ece2234 100644 --- a/src/ksi/signature_builder.c +++ b/src/ksi/signature_builder.c @@ -1061,6 +1061,7 @@ static int checkSignatureInternals(KSI_CTX *ctx, KSI_Signature *sig) { int KSI_SignatureBuilder_close(KSI_SignatureBuilder *builder, KSI_uint64_t rootLevel, KSI_Signature **sig) { int res = KSI_UNKNOWN_ERROR; KSI_VerificationContext context; + int isContextInitialized = 0; KSI_PolicyVerificationResult *result = NULL; int tlvConstructed = 0; KSI_Signature *clone = NULL; 
@@ -1075,6 +1076,7 @@ int KSI_SignatureBuilder_close(KSI_SignatureBuilder *builder, KSI_uint64_t rootL KSI_pushError(builder->ctx, res, NULL); goto cleanup; } + isContextInitialized = 1; /* Make sure the aggregation hash chains are in correct order. */ res = KSI_AggregationHashChainList_sort(builder->sig->aggregationChainList, KSI_AggregationHashChain_compare); @@ -1149,7 +1151,7 @@ int KSI_SignatureBuilder_close(KSI_SignatureBuilder *builder, KSI_uint64_t rootL builder->sig->baseTlv = NULL; } KSI_Signature_free(clone); - KSI_VerificationContext_clean(&context); + if (isContextInitialized) {KSI_VerificationContext_clean(&context);} KSI_PolicyVerificationResult_free(result); return res; diff --git a/src/ksi/tlv.c b/src/ksi/tlv.c index 4cf6480e..7a06e2f7 100644 --- a/src/ksi/tlv.c +++ b/src/ksi/tlv.c @@ -607,7 +607,7 @@ static int serializeRaw(const KSI_TLV *tlv, unsigned char *buf, size_t buf_size, int res = KSI_UNKNOWN_ERROR; size_t payloadLength; - if (tlv == NULL || (buf == NULL && buf_size != 0) || buf_len == NULL) { + if (tlv == NULL || (tlv->datap == NULL && tlv->datap_len != 0) || buf == NULL || buf_len == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } @@ -615,12 +615,12 @@ static int serializeRaw(const KSI_TLV *tlv, unsigned char *buf, size_t buf_size, KSI_ERR_clearErrors(tlv->ctx); payloadLength = tlv->datap_len; - - if (buf != NULL) { + if (payloadLength > 0) { if (buf_size < payloadLength) { KSI_pushError(tlv->ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } + memcpy(buf + buf_size - payloadLength, tlv->datap, payloadLength); } diff --git a/src/ksi/tlv_element.c b/src/ksi/tlv_element.c index 942765fc..6624fe8e 100644 --- a/src/ksi/tlv_element.c +++ b/src/ksi/tlv_element.c 
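Review bot: The guarded cleanup in KSI_SignatureBuilder_close, `if (isContextInitialized) {KSI_VerificationContext_clean(&context);}`, is squeezed onto one line with no space inside the braces, while the other blocks in these hunks put the body on its own line. Splitting it over three lines would match the rest of the function. The flag's declaration would also benefit from a comment such as `/* Set once KSI_VerificationContext_init has succeeded; guards the clean call in cleanup. */`, because the reason for it (an early `goto cleanup` reaching the clean call with an uninitialized stack struct) is not obvious from the code. The function body extends beyond these hunks.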
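Review bot: The rewritten argument check in serializeRaw now rejects `buf == NULL` unconditionally, whereas the old check accepted a NULL buffer when `buf_size` was 0. Any caller in tlv.c that relied on the old form will now get `KSI_INVALID_ARGUMENT`; the callers are outside the hunk, so this should be confirmed. The added `(tlv->datap == NULL && tlv->datap_len != 0)` test and the `payloadLength > 0` guard around `memcpy` look right for the NULL-with-zero-length case. The new contract deserves a comment above the check, e.g. `/* buf must be non-NULL even for an empty payload; datap may be NULL only when datap_len is 0. */`.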
@@ -318,8 +318,9 @@ static int convertToNested(KSI_TlvElement *el) { } if (el->subList == NULL) { - /* The pointer points to the header of the TLV not the data itself. */ - unsigned char *ptr = el->ptr + el->ftlv.hdr_len; + /* The pointer points to the header of the TLV not the data itself. + Note that when ptr is NULL, len is also 0. */ + unsigned char *ptr = el->ptr != NULL ? el->ptr + el->ftlv.hdr_len : NULL; size_t len = el->ftlv.dat_len; res = KSI_TlvElementList_new(&list); @@ -355,6 +356,8 @@ static int convertToNested(KSI_TlvElement *el) { cleanup: + KSI_TlvElementList_free(list); + return res; } diff --git a/src/ksi/tree_builder.c b/src/ksi/tree_builder.c index 290bd7e8..a5352be2 100644 --- a/src/ksi/tree_builder.c +++ b/src/ksi/tree_builder.c @@ -765,6 +765,7 @@ int KSI_TreeLeafHandle_getAggregationChain(const KSI_TreeLeafHandle *handle, KSI KSI_pushError(handle->pBuilder->ctx, res, NULL); goto cleanup; } + links = NULL; /* Set the input hash. */ { @@ -801,6 +802,7 @@ int KSI_TreeLeafHandle_getAggregationChain(const KSI_TreeLeafHandle *handle, KSI cleanup: + KSI_HashChainLinkList_free(links); KSI_Integer_free(algoId); KSI_AggregationHashChain_free(tmp); diff --git a/src/ksi/types.c b/src/ksi/types.c index 31fd243e..714479b8 100644 --- a/src/ksi/types.c +++ b/src/ksi/types.c @@ -743,7 +743,7 @@ static int getObjectsRawValue(KSI_CTX* ctx, const void* obj, int (*getRaw)(const return res; } -int pdu_verifyHmac(KSI_CTX *ctx, const KSI_DataHash *hmac, const char *key, KSI_HashAlgorithm conf_alg, +int KSI_Pdu_verifyHmac(KSI_CTX *ctx, const KSI_DataHash *hmac, const char *key, KSI_HashAlgorithm conf_alg, int (*calculateHmac)(const void*, int, const char*, KSI_DataHash**), void *pdu){ int res; KSI_DataHash *actualHmac = NULL; 
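Review bot: The comment added in convertToNested says `len` is 0 whenever `el->ptr` is NULL, but the code only documents that assumption and does not check it. If an element ever arrives with `ptr == NULL` and a non-zero `ftlv.dat_len`, the parsing code that follows (outside this hunk) would presumably read `len` bytes through a NULL `ptr`. A guard after the two declarations, e.g. `if (el->ptr == NULL && el->ftlv.dat_len != 0) { res = KSI_INVALID_FORMAT; goto cleanup; }`, turns the assumption into a checked invariant.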
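Review bot: The `KSI_TlvElementList_free(list);` added under `cleanup:` in convertToNested also runs on the success path. It is therefore only safe if `list` is reset to NULL once it has been handed over (presumably to `el->subList`); otherwise the element would keep a pointer to a freed list. That hand-over is outside the hunk, so please confirm it and consider a comment next to it such as `/* Ownership moved to el->subList. */`. The tree_builder.c change in this commit shows the pattern explicitly, adding `links = NULL;` ahead of the matching `KSI_HashChainLinkList_free(links);`.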
@@ -794,6 +794,11 @@ int pdu_verifyHmac(KSI_CTX *ctx, const KSI_DataHash *hmac, const char *key, KSI_ return res; } +int pdu_verifyHmac(KSI_CTX *ctx, const KSI_DataHash *hmac, const char *key, KSI_HashAlgorithm conf_alg, + int (*calculateHmac)(const void*, int, const char*, KSI_DataHash**), void *pdu) { + return KSI_Pdu_verifyHmac(ctx, hmac, key, conf_alg, calculateHmac, pdu); +} + static int pdu_calculateHmac(KSI_CTX* ctx, const void* pdu, int (*getHeader)(const void*, KSI_Header**), int (*getResponse)(const void*, void**), @@ -1045,7 +1050,7 @@ int KSI_ExtendPdu_verifyHmac(const KSI_ExtendPdu *pdu, const char *pass) { goto cleanup; } - res = pdu_verifyHmac(pdu->ctx, respHmac, pass, + res = KSI_Pdu_verifyHmac(pdu->ctx, respHmac, pass, (KSI_HashAlgorithm)pdu->ctx->options[KSI_OPT_EXT_HMAC_ALGORITHM], (int (*)(const void*, int, const char*, KSI_DataHash**))KSI_ExtendPdu_calculateHmac, (void*)pdu); @@ -1461,7 +1466,7 @@ int KSI_AggregationPdu_verifyHmac(const KSI_AggregationPdu *pdu, const char *pas goto cleanup; } - res = pdu_verifyHmac(pdu->ctx, respHmac, pass, + res = KSI_Pdu_verifyHmac(pdu->ctx, respHmac, pass, (KSI_HashAlgorithm)pdu->ctx->options[KSI_OPT_AGGR_HMAC_ALGORITHM], (int (*)(const void*, int, const char*, KSI_DataHash**))KSI_AggregationPdu_calculateHmac, (void*)pdu); diff --git a/src/ksi/types.h b/src/ksi/types.h index 8452a6fb..5bfa3a45 100644 --- a/src/ksi/types.h +++ b/src/ksi/types.h @@ -626,6 +626,9 @@ int KSI_MetaData_setRequestTimeInMicros(KSI_MetaData *t, KSI_Integer *reqTime); KSI_DEFINE_REF(KSI_MetaData); +int KSI_Pdu_verifyHmac(KSI_CTX *ctx, const KSI_DataHash *hmac, const char *key, KSI_HashAlgorithm conf_alg, + int (*calculateHmac)(const void*, int, const char*, KSI_DataHash**), void *pdu); + /* * KSI_ExtendPdu */ diff --git a/test/aggre_ha_integration_test.c b/test/aggre_ha_integration_test.c index ae5733ff..f67ca67d 100644 --- a/test/aggre_ha_integration_test.c +++ b/test/aggre_ha_integration_test.c 
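Review bot: The `pdu_verifyHmac` wrapper added after KSI_Pdu_verifyHmac keeps external linkage under the old unprefixed name, yet both callers visible in this file are switched to the new name in the same commit. If it stays for compatibility with code outside this diff, a comment saying so (`/* Deprecated: kept for backward compatibility, use KSI_Pdu_verifyHmac. */`) would stop it looking like dead code; if nothing else uses it, it can be dropped. The new declaration in types.h also has no doc comment. Since this function accepts or rejects a PDU's HMAC, it should at least state how `conf_alg` is used and what is returned on a mismatch; the body is outside these hunks, so the wording needs checking against it.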
@@ -110,7 +110,7 @@ static void verifyOption(CuTest* tc, KSI_AsyncService *s, int opt, size_t defVal CuAssert(tc, "Async service option value mismatch.", res == KSI_OK && optVal == newVal); } -static void asyncSigning_verifyOptions(CuTest* tc, const char *scheme) { +static void asyncSigning_verifyOptions(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; @@ -130,16 +130,18 @@ static void asyncSigning_verifyOptions(CuTest* tc, const char *scheme) { } void Test_HaSign_verifyOptions_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_verifyOptions(tc, TEST_SCHEME_TCP); + asyncSigning_verifyOptions(tc, scheme); } void Test_HaSign_verifyOptions_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_verifyOptions(tc, TEST_SCHEME_HTTP); + asyncSigning_verifyOptions(tc, scheme); } -static void asyncSigning_verifyCacheSizeOption(CuTest* tc, const char *scheme) { +static void asyncSigning_verifyCacheSizeOption(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; size_t optVal = 0; @@ -166,13 +168,15 @@ static void asyncSigning_verifyCacheSizeOption(CuTest* tc, const char *scheme) { } void Test_HaSign_verifyCacheSizeOption_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_verifyCacheSizeOption(tc, TEST_SCHEME_TCP); + asyncSigning_verifyCacheSizeOption(tc, scheme); } void Test_HaSign_verifyCacheSizeOption_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_verifyCacheSizeOption(tc, TEST_SCHEME_HTTP); + asyncSigning_verifyCacheSizeOption(tc, scheme); } static void asyncSigning_loop_getResponse(CuTest* tc, KSI_AsyncService *as) { 
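Review bot: The switch from `const char *scheme` to a NULL-terminated `const char **scheme` array puts an unwritten contract on KSITest_HighAvailabilityService_setEndpoint, whose updated implementation is not part of these hunks. Most tests pass a one-element array such as `{TEST_SCHEME_TCP, NULL}`, while the HA configuration can hold several endpoints (the code removed further down indexed `conf.ha.aggregator[0]` to `[2]`). The helper therefore has to stop at the terminator, or reuse the entry before it, rather than index `scheme[i]` once per configured endpoint. A comment on the helper and on the first array, e.g. `/* NULL-terminated; the last scheme is reused for remaining endpoints. */` (wording to match the real behaviour), would document this. The same applies to the remaining hunks in this file and in ext_ha_integration_test.c.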
@@ -338,12 +342,13 @@ static void asyncSigning_loop_getResponse(CuTest* tc, KSI_AsyncService *as) { void Test_HaSign_loop_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -354,12 +359,13 @@ void Test_HaSign_loop_tcp(CuTest* tc) { void Test_HaSign_loop_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -370,12 +376,13 @@ void Test_HaSign_loop_http(CuTest* tc) { void Test_HaSign_loopResetServiceLoop_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -393,12 +400,13 @@ void Test_HaSign_loopResetServiceLoop_tcp(CuTest* tc) { void Test_HaSign_loopResetServiceLoop_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -416,34 +424,14 @@ void Test_HaSign_loopResetServiceLoop_http(CuTest* tc) { void Test_HaSign_loop_http_tcp_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, TEST_SCHEME_TCP, TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - if (strlen(conf.ha.aggregator[0].host) == 0) { - KSI_LOG_debug(ctx, "%s: testing with common aggregator conf.", __FUNCTION__); - - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.aggregator), conf.aggregator.user, conf.aggregator.pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } else { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.ha.aggregator[0]), conf.ha.aggregator[0].user, conf.ha.aggregator[0].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - - if (strlen(conf.ha.aggregator[1].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.ha.aggregator[1]), conf.ha.aggregator[1].user, conf.ha.aggregator[1].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - - if (strlen(conf.ha.aggregator[2].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.ha.aggregator[2]), conf.ha.aggregator[2].user, conf.ha.aggregator[2].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - } + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); + CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); asyncSigning_loop_getResponse(tc, has); 
@@ -453,34 +441,14 @@ void Test_HaSign_loop_http_tcp_http(CuTest* tc) { void Test_HaSign_loop_tcp_http_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, TEST_SCHEME_HTTP, TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - if (strlen(conf.ha.aggregator[0].host) == 0) { - KSI_LOG_debug(ctx, "%s: testing with common aggregator conf.", __FUNCTION__); - - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.aggregator), conf.aggregator.user, conf.aggregator.pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } else { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.ha.aggregator[0]), conf.ha.aggregator[0].user, conf.ha.aggregator[0].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - - if (strlen(conf.ha.aggregator[1].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.ha.aggregator[1]), conf.ha.aggregator[1].user, conf.ha.aggregator[1].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - - if (strlen(conf.ha.aggregator[2].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.ha.aggregator[2]), conf.ha.aggregator[2].user, conf.ha.aggregator[2].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - } + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); + CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); asyncSigning_loop_getResponse(tc, has); 
@@ -489,7 +457,7 @@ void Test_HaSign_loop_tcp_http_tcp(CuTest* tc) { } -static void asyncSigning_collect_getResponse(CuTest* tc, const char *scheme) { +static void asyncSigning_collect_getResponse(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; time_t startTime; @@ -633,16 +601,18 @@ static void asyncSigning_collect_getResponse(CuTest* tc, const char *scheme) { } void Test_HaSign_collect_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_collect_getResponse(tc, TEST_SCHEME_TCP); + asyncSigning_collect_getResponse(tc, scheme); } void Test_HaSign_collect_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_collect_getResponse(tc, TEST_SCHEME_HTTP); + asyncSigning_collect_getResponse(tc, scheme); } -static void asyncSigning_getError(CuTest* tc, const char *scheme, KSITest_ServiceConf *srvCfg, KSITest_ServiceConf *haCfg, int expected, long external) { +static void asyncSigning_getError(CuTest* tc, const char **scheme, KSITest_ServiceConf *srvCfg, KSITest_ServiceConf *haCfg, int expected, long external) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *handle = NULL; 
@@ -734,13 +704,15 @@ static void asyncSigning_getError(CuTest* tc, const char *scheme, KSITest_Servic void Test_HaSign_useExtender_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_getError(tc, TEST_SCHEME_TCP, &conf.extender, conf.ha.extender, KSI_INVALID_FORMAT, 0); + asyncSigning_getError(tc, scheme, &conf.extender, conf.ha.extender, KSI_INVALID_FORMAT, 0); } void Test_HaSign_useExtender_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_getError(tc, TEST_SCHEME_HTTP, &conf.extender, conf.ha.extender, KSI_HTTP_ERROR, 400); + asyncSigning_getError(tc, scheme, &conf.extender, conf.ha.extender, KSI_HTTP_ERROR, 400); } static int createDummyAggrAsyncRequest(KSI_AsyncHandle **ah) { @@ -772,7 +744,7 @@ static int createDummyAggrAsyncRequest(KSI_AsyncHandle **ah) { return res; } -static void asyncSigning_fillupCache(CuTest* tc, const char *scheme) { +static void asyncSigning_fillupCache(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *hndl = NULL; @@ -813,16 +785,18 @@ static void asyncSigning_fillupCache(CuTest* tc, const char *scheme) { } void Test_HaSign_fillupCache_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_fillupCache(tc, TEST_SCHEME_TCP); + asyncSigning_fillupCache(tc, scheme); } void Test_HaSign_fillupCache_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_fillupCache(tc, TEST_SCHEME_HTTP); + asyncSigning_fillupCache(tc, scheme); } -static void asyncSigning_addEmptyReq(CuTest* tc, const char *scheme) { +static void asyncSigning_addEmptyReq(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *handle = NULL; 
@@ -851,13 +825,15 @@ static void asyncSigning_addEmptyReq(CuTest* tc, const char *scheme) { } void Test_HaSign_addEmptyRequest_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_addEmptyReq(tc, TEST_SCHEME_TCP); + asyncSigning_addEmptyReq(tc, scheme); } void Test_HaSign_addEmptyRequest_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_addEmptyReq(tc, TEST_SCHEME_HTTP); + asyncSigning_addEmptyReq(tc, scheme); } static void Test_HaSign_noEndpoint_addRequest(CuTest* tc) { @@ -913,7 +889,7 @@ void Test_HaSign_exceedMaxNofSubservices(CuTest* tc) { KSI_AsyncService_free(has); } -static void asyncSigning_runEmpty(CuTest* tc, const char *scheme) { +static void asyncSigning_runEmpty(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *hndl = NULL; @@ -937,13 +913,15 @@ static void asyncSigning_runEmpty(CuTest* tc, const char *scheme) { } void Test_HaSign_runEmpty_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_runEmpty(tc, TEST_SCHEME_TCP); + asyncSigning_runEmpty(tc, scheme); } void Test_HaSign_runEmpty_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_runEmpty(tc, TEST_SCHEME_HTTP); + asyncSigning_runEmpty(tc, scheme); } static void asyncSigning_requestConfigOnly(CuTest* tc, KSI_AsyncService *as) { @@ -1019,6 +997,7 @@ static void asyncSigning_requestConfigOnly(CuTest* tc, KSI_AsyncService *as) { void Test_HaSign_requestConfigOnly_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -1026,7 +1005,7 @@ void Test_HaSign_requestConfigOnly_tcp(CuTest* tc) { res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); asyncSigning_requestConfigOnly(tc, has); @@ -1036,6 +1015,7 @@ void Test_HaSign_requestConfigOnly_tcp(CuTest* tc) { void Test_HaSign_requestConfigOnly_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -1043,7 +1023,7 @@ void Test_HaSign_requestConfigOnly_http(CuTest* tc) { res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); asyncSigning_requestConfigOnly(tc, has); @@ -1119,6 +1099,7 @@ static void asyncSigning_requestConfigOnlyUseCallback(CuTest* tc, KSI_AsyncServi void Test_HaSign_requestConfigOnlyUseCallback_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -1126,7 +1107,7 @@ void Test_HaSign_requestConfigOnlyUseCallback_tcp(CuTest* tc) { res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); res = KSI_AsyncService_setOption(has, KSI_ASYNC_OPT_PUSH_CONF_CALLBACK, (void *)dummyCallback); @@ -1139,6 +1120,7 @@ void Test_HaSign_requestConfigOnlyUseCallback_tcp(CuTest* tc) { void Test_HaSign_requestConfigOnlyUseCallback_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -1146,7 +1128,7 @@ void Test_HaSign_requestConfigOnlyUseCallback_http(CuTest* tc) { res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.aggregator, conf.ha.aggregator); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.aggregator, conf.ha.aggregator); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); res = KSI_AsyncService_setOption(has, KSI_ASYNC_OPT_PUSH_CONF_CALLBACK, (void *)dummyCallback); 
@@ -1157,13 +1139,13 @@ void Test_HaSign_requestConfigOnlyUseCallback_http(CuTest* tc) { KSI_AsyncService_free(has); } -static void asyncSigning_verifySubserviceCallbacksDisabled(CuTest* tc, const char *scheme) { +static void asyncSigning_verifySubserviceCallbacksDisabled(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; size_t i; KSI_AsyncServiceList *list = NULL; - KSI_LOG_debug(ctx, "%s: %s", __FUNCTION__, scheme); + KSI_LOG_debug(ctx, "%s", __FUNCTION__); res = KSI_SigningHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); @@ -1203,16 +1185,18 @@ static void asyncSigning_verifySubserviceCallbacksDisabled(CuTest* tc, const cha } static void Test_HaSign_verifySubserviceCallbacksDisabled_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_verifySubserviceCallbacksDisabled(tc, TEST_SCHEME_TCP); + asyncSigning_verifySubserviceCallbacksDisabled(tc, scheme); } static void Test_HaSign_verifySubserviceCallbacksDisabled_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_verifySubserviceCallbacksDisabled(tc, TEST_SCHEME_HTTP); + asyncSigning_verifySubserviceCallbacksDisabled(tc, scheme); } -static void asyncSigning_requestConfigWithAggrReq(CuTest* tc, const char *scheme) { +static void asyncSigning_requestConfigWithAggrReq(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *handle = NULL; 
@@ -1336,16 +1320,18 @@ static void asyncSigning_requestConfigWithAggrReq(CuTest* tc, const char *scheme } void Test_HaSign_requestConfigWithAggrReq_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_requestConfigWithAggrReq(tc, TEST_SCHEME_TCP); + asyncSigning_requestConfigWithAggrReq(tc, scheme); } void Test_HaSign_requestConfigWithAggrReq_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_requestConfigWithAggrReq(tc, TEST_SCHEME_HTTP); + asyncSigning_requestConfigWithAggrReq(tc, scheme); } -static void asyncSigning_requestConfigAndAggrRequest_loop(CuTest* tc, const char *scheme) { +static void asyncSigning_requestConfigAndAggrRequest_loop(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; time_t startTime; @@ -1493,13 +1479,15 @@ static void asyncSigning_requestConfigAndAggrRequest_loop(CuTest* tc, const char } void Test_HaSign_requestConfigAndAggrRequest_loop_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_requestConfigAndAggrRequest_loop(tc, TEST_SCHEME_TCP); + asyncSigning_requestConfigAndAggrRequest_loop(tc, scheme); } void Test_HaSign_requestConfigAndAggrRequest_loop_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncSigning_requestConfigAndAggrRequest_loop(tc, TEST_SCHEME_HTTP); + asyncSigning_requestConfigAndAggrRequest_loop(tc, scheme); } static void preTest(void) { diff --git a/test/ext_ha_integration_test.c b/test/ext_ha_integration_test.c index 0ebcffbc..e6941bb9 100644 --- a/test/ext_ha_integration_test.c +++ b/test/ext_ha_integration_test.c 
@@ -103,7 +103,7 @@ static void verifyOption(CuTest* tc, KSI_AsyncService *s, int opt, size_t defVal CuAssert(tc, "Async service option value mismatch.", res == KSI_OK && optVal == newVal); } -static void asyncExtending_verifyOptions(CuTest* tc, const char *scheme) { +static void asyncExtending_verifyOptions(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; @@ -123,16 +123,18 @@ static void asyncExtending_verifyOptions(CuTest* tc, const char *scheme) { } void Test_HaExtend_verifyOptions_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_verifyOptions(tc, TEST_SCHEME_TCP); + asyncExtending_verifyOptions(tc, scheme); } void Test_HaExtend_verifyOptions_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_verifyOptions(tc, TEST_SCHEME_HTTP); + asyncExtending_verifyOptions(tc, scheme); } -static void asyncExtending_verifyCacheSizeOption(CuTest* tc, const char *scheme) { +static void asyncExtending_verifyCacheSizeOption(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; size_t optVal = 0; @@ -159,13 +161,15 @@ static void asyncExtending_verifyCacheSizeOption(CuTest* tc, const char *scheme) } void Test_HaExtend_verifyCacheSizeOption_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_verifyCacheSizeOption(tc, TEST_SCHEME_TCP); + asyncExtending_verifyCacheSizeOption(tc, scheme); } void Test_HaExtend_verifyCacheSizeOption_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_verifyCacheSizeOption(tc, TEST_SCHEME_HTTP); + asyncExtending_verifyCacheSizeOption(tc, scheme); } static void asyncExtending_loop_getResponse(CuTest* tc, KSI_AsyncService *as) { 
@@ -304,12 +308,13 @@ static void asyncExtending_loop_getResponse(CuTest* tc, KSI_AsyncService *as) { void Test_HaExtend_loop_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -320,12 +325,13 @@ void Test_HaExtend_loop_tcp(CuTest* tc) { void Test_HaExtend_loop_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -336,12 +342,13 @@ void Test_HaExtend_loop_http(CuTest* tc) { void Test_HaExtend_loopResetEndpointLoop_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -359,12 +366,13 @@ void Test_HaExtend_loopResetEndpointLoop_tcp(CuTest* tc) { void Test_HaExtend_loopResetEndpointLoop_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -382,34 +390,15 @@ void Test_HaExtend_loopResetEndpointLoop_http(CuTest* tc) { void Test_HaExtend_loop_http_tcp_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, TEST_SCHEME_TCP, TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - if (strlen(conf.ha.extender[0].host) == 0) { - KSI_LOG_debug(ctx, "%s: testing with common extender conf.", __FUNCTION__); - - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.extender), conf.extender.user, conf.extender.pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } else { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.ha.extender[0]), conf.ha.extender[0].user, conf.ha.extender[0].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - - if (strlen(conf.ha.extender[1].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.ha.extender[1]), conf.ha.extender[1].user, conf.ha.extender[1].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); + CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - if (strlen(conf.ha.extender[2].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.ha.extender[2]), conf.ha.extender[2].user, conf.ha.extender[2].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - } KSI_LOG_debug(ctx, "%s", __FUNCTION__); asyncExtending_loop_getResponse(tc, has); 
@@ -419,34 +408,14 @@ void Test_HaExtend_loop_http_tcp_http(CuTest* tc) { void Test_HaExtend_loop_tcp_http_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, TEST_SCHEME_HTTP, TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - if (strlen(conf.ha.extender[0].host) == 0) { - KSI_LOG_debug(ctx, "%s: testing with common extender conf.", __FUNCTION__); - - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.extender), conf.extender.user, conf.extender.pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } else { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.ha.extender[0]), conf.ha.extender[0].user, conf.ha.extender[0].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - - if (strlen(conf.ha.extender[1].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_HTTP, &conf.ha.extender[1]), conf.ha.extender[1].user, conf.ha.extender[1].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - - if (strlen(conf.ha.extender[2].host) != 0) { - res = KSI_AsyncService_addEndpoint(has, - KSITest_composeUri(TEST_SCHEME_TCP, &conf.ha.extender[2]), conf.ha.extender[2].user, conf.ha.extender[2].pass); - CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); - } - } + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); + CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); KSI_LOG_debug(ctx, "%s", __FUNCTION__); asyncExtending_loop_getResponse(tc, has); 
@@ -455,7 +424,7 @@ void Test_HaExtend_loop_tcp_http_tcp(CuTest* tc) { } -static void asyncExtending_collect_getResponse(CuTest* tc, const char *scheme) { +static void asyncExtending_collect_getResponse(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; time_t startTime; @@ -598,16 +567,18 @@ static void asyncExtending_collect_getResponse(CuTest* tc, const char *scheme) { } void Test_HaExtend_collect_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_collect_getResponse(tc, TEST_SCHEME_TCP); + asyncExtending_collect_getResponse(tc, scheme); } void Test_HaExtend_collect_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_collect_getResponse(tc, TEST_SCHEME_HTTP); + asyncExtending_collect_getResponse(tc, scheme); } -static void asyncExtending_getError(CuTest* tc, const char *scheme, KSITest_ServiceConf *srvCfg, KSITest_ServiceConf *haCfg, int expected, long external) { +static void asyncExtending_getError(CuTest* tc, const char **scheme, KSITest_ServiceConf *srvCfg, KSITest_ServiceConf *haCfg, int expected, long external) { int res; const size_t reqTime = 1435740789; KSI_Integer *aggrTime = NULL; 
@@ -700,13 +671,15 @@ static void asyncExtending_getError(CuTest* tc, const char *scheme, KSITest_Serv void Test_HaExtend_useAggregator_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_getError(tc, TEST_SCHEME_TCP, &conf.aggregator, conf.ha.aggregator, KSI_INVALID_FORMAT, 0); + asyncExtending_getError(tc, scheme, &conf.aggregator, conf.ha.aggregator, KSI_INVALID_FORMAT, 0); } void Test_HaExtend_useAggregator_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_getError(tc, TEST_SCHEME_HTTP, &conf.aggregator, conf.ha.aggregator, KSI_HTTP_ERROR, 400); + asyncExtending_getError(tc, scheme, &conf.aggregator, conf.ha.aggregator, KSI_HTTP_ERROR, 400); } static int createDummyExtAsyncRequest(KSI_AsyncHandle **ah) { @@ -737,7 +710,7 @@ static int createDummyExtAsyncRequest(KSI_AsyncHandle **ah) { return res; } -static void asyncExtending_fillupCache(CuTest* tc, const char *scheme) { +static void asyncExtending_fillupCache(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *hndl = NULL; @@ -778,16 +751,18 @@ static void asyncExtending_fillupCache(CuTest* tc, const char *scheme) { } void Test_HaExtend_fillupCache_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_fillupCache(tc, TEST_SCHEME_TCP); + asyncExtending_fillupCache(tc, scheme); } void Test_HaExtend_fillupCache_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_fillupCache(tc, TEST_SCHEME_HTTP); + asyncExtending_fillupCache(tc, scheme); } -static void asyncExtending_addEmptyReq(CuTest* tc, const char *scheme) { +static void asyncExtending_addEmptyReq(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *handle = NULL; 
@@ -816,13 +791,15 @@ static void asyncExtending_addEmptyReq(CuTest* tc, const char *scheme) { } void Test_HaExtend_addEmptyRequest_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_addEmptyReq(tc, TEST_SCHEME_TCP); + asyncExtending_addEmptyReq(tc, scheme); } void Test_HaExtend_addEmptyRequest_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_addEmptyReq(tc, TEST_SCHEME_HTTP); + asyncExtending_addEmptyReq(tc, scheme); } static void Test_HaExtend_noEndpoint_addRequest(CuTest* tc) { @@ -880,7 +857,7 @@ void Test_HaExtend_exceedMaxNofSubservices(CuTest* tc) { KSI_AsyncService_free(has); } -static void asyncExtending_runEmpty(CuTest* tc, const char *scheme) { +static void asyncExtending_runEmpty(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *hndl = NULL; @@ -904,13 +881,15 @@ static void asyncExtending_runEmpty(CuTest* tc, const char *scheme) { } void Test_HaExtend_runEmpty_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_runEmpty(tc, TEST_SCHEME_TCP); + asyncExtending_runEmpty(tc, scheme); } void Test_HaExtend_runEmpty_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_runEmpty(tc, TEST_SCHEME_HTTP); + asyncExtending_runEmpty(tc, scheme); } static void asyncExtending_requestConfigOnly(CuTest* tc, KSI_AsyncService *as) { @@ -989,6 +968,7 @@ static void asyncExtending_requestConfigOnly(CuTest* tc, KSI_AsyncService *as) { void Test_HaExtend_requestConfigOnly_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -996,7 +976,7 @@ void Test_HaExtend_requestConfigOnly_tcp(CuTest* tc) { res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); asyncExtending_requestConfigOnly(tc, has); @@ -1006,6 +986,7 @@ void Test_HaExtend_requestConfigOnly_tcp(CuTest* tc) { void Test_HaExtend_requestConfigOnly_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -1013,7 +994,7 @@ void Test_HaExtend_requestConfigOnly_http(CuTest* tc) { res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); asyncExtending_requestConfigOnly(tc, has); @@ -1089,6 +1070,7 @@ static void asyncExtending_requestConfigOnlyUseCallback(CuTest* tc, KSI_AsyncSer void Test_HaExtend_requestConfigOnlyUseCallback_tcp(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); 
@@ -1096,7 +1078,7 @@ void Test_HaExtend_requestConfigOnlyUseCallback_tcp(CuTest* tc) { res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_TCP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); res = KSI_AsyncService_setOption(has, KSI_ASYNC_OPT_PUSH_CONF_CALLBACK, (void *)dummyCallback); @@ -1109,6 +1091,7 @@ void Test_HaExtend_requestConfigOnlyUseCallback_tcp(CuTest* tc) { void Test_HaExtend_requestConfigOnlyUseCallback_http(CuTest* tc) { int res; + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_AsyncService *has = NULL; KSI_LOG_debug(ctx, "%s", __FUNCTION__); @@ -1116,7 +1099,7 @@ void Test_HaExtend_requestConfigOnlyUseCallback_http(CuTest* tc) { res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); - res = KSITest_HighAvailabilityService_setEndpoint(has, TEST_SCHEME_HTTP, &conf.extender, conf.ha.extender); + res = KSITest_HighAvailabilityService_setEndpoint(has, scheme, &conf.extender, conf.ha.extender); CuAssert(tc, "Unable to configure service endpoint.", res == KSI_OK); res = KSI_AsyncService_setOption(has, KSI_ASYNC_OPT_PUSH_CONF_CALLBACK, (void *)dummyCallback); 
@@ -1127,13 +1110,13 @@ void Test_HaExtend_requestConfigOnlyUseCallback_http(CuTest* tc) { KSI_AsyncService_free(has); } -static void asyncExtending_verifySubserviceCallbacksDisabled(CuTest* tc, const char *scheme) { +static void asyncExtending_verifySubserviceCallbacksDisabled(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; size_t i; KSI_AsyncServiceList *list = NULL; - KSI_LOG_debug(ctx, "%s: %s", __FUNCTION__, scheme); + KSI_LOG_debug(ctx, "%s", __FUNCTION__); res = KSI_ExtendingHighAvailabilityService_new(ctx, &has); CuAssert(tc, "Unable to create new async service object.", res == KSI_OK && has != NULL); @@ -1173,16 +1156,18 @@ static void asyncExtending_verifySubserviceCallbacksDisabled(CuTest* tc, const c } static void Test_HaExtend_verifySubserviceCallbacksDisabled_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_verifySubserviceCallbacksDisabled(tc, TEST_SCHEME_TCP); + asyncExtending_verifySubserviceCallbacksDisabled(tc, scheme); } static void Test_HaExtend_verifySubserviceCallbacksDisabled_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_verifySubserviceCallbacksDisabled(tc, TEST_SCHEME_HTTP); + asyncExtending_verifySubserviceCallbacksDisabled(tc, scheme); } -static void asyncExtending_requestConfigWithExtReq(CuTest* tc, const char *scheme) { +static void asyncExtending_requestConfigWithExtReq(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *as = NULL; KSI_AsyncHandle *handle = NULL; 
@@ -1306,16 +1291,18 @@ static void asyncExtending_requestConfigWithExtReq(CuTest* tc, const char *schem } void Test_HaExtend_requestConfigWithExtReq_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_requestConfigWithExtReq(tc, TEST_SCHEME_TCP); + asyncExtending_requestConfigWithExtReq(tc, scheme); } void Test_HaExtend_requestConfigWithExtReq_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_requestConfigWithExtReq(tc, TEST_SCHEME_HTTP); + asyncExtending_requestConfigWithExtReq(tc, scheme); } -static void asyncExtending_requestConfigAndExtRequest_loop(CuTest* tc, const char *scheme) { +static void asyncExtending_requestConfigAndExtRequest_loop(CuTest* tc, const char **scheme) { int res; KSI_AsyncService *has = NULL; time_t startTime; @@ -1466,13 +1453,15 @@ static void asyncExtending_requestConfigAndExtRequest_loop(CuTest* tc, const cha } void Test_HaExtend_requestConfigAndExtRequest_loop_tcp(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_TCP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_requestConfigAndExtRequest_loop(tc, TEST_SCHEME_TCP); + asyncExtending_requestConfigAndExtRequest_loop(tc, scheme); } void Test_HaExtend_requestConfigAndExtRequest_loop_http(CuTest* tc) { + const char *scheme[] = {TEST_SCHEME_HTTP, NULL}; KSI_LOG_debug(ctx, "%s", __FUNCTION__); - asyncExtending_requestConfigAndExtRequest_loop(tc, TEST_SCHEME_HTTP); + asyncExtending_requestConfigAndExtRequest_loop(tc, scheme); } static void preTest(void) { diff --git a/test/include-test.sh b/test/include-test.sh index b91404ff..077ea64f 100755 --- a/test/include-test.sh +++ b/test/include-test.sh @@ -25,7 +25,7 @@ if [ $# -ne 1 ]; then exit 1; fi; -if [ "z$CC" == "z" ]; then +if [ "z$CC" = "z" ]; then echo "Compiler variable CC not set."; exit 1; fi; 
diff --git a/test/ksi_blocksigner_test.c b/test/ksi_blocksigner_test.c index 6036f504..4c93ea1f 100644 --- a/test/ksi_blocksigner_test.c +++ b/test/ksi_blocksigner_test.c @@ -504,11 +504,6 @@ static void testCreateBlockSigner(CuTest *tc) { KSI_BlockSigner **bs; int expectedRes; } tests[] = { - {NULL, KSI_HASHALG_SHA3_512, NULL, NULL, NULL, KSI_INVALID_ARGUMENT}, - {NULL, KSI_HASHALG_SHA3_512, NULL, NULL, &bs, KSI_INVALID_ARGUMENT}, - {NULL, KSI_HASHALG_SHA3_512, NULL, iv, &bs, KSI_INVALID_ARGUMENT}, - {NULL, KSI_HASHALG_SHA3_512, zero, NULL, &bs, KSI_INVALID_ARGUMENT}, - {ctx, KSI_HASHALG_SHA3_512, NULL, NULL, &bs, KSI_UNAVAILABLE_HASH_ALGORITHM}, {NULL, KSI_HASHALG_SHA2_512, NULL, NULL, NULL, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA2_512, NULL, NULL, &bs, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA2_512, NULL, iv, &bs, KSI_INVALID_ARGUMENT}, diff --git a/test/ksi_hash_test.c b/test/ksi_hash_test.c index e91e4766..46e91709 100644 --- a/test/ksi_hash_test.c +++ b/test/ksi_hash_test.c 
@@ -442,10 +442,10 @@ static void testAllHashing(CuTest *tc) { expected[KSI_HASHALG_SHA2_512] = "2dcee3bebeeec061751c7e2c886fddb069502c3c71e1f70272d77a64c092e51b6a262d208939cc557de7650da347b08f643d515ff8009a7342454e73247761dd"; expected[0x06] = NULL; /* Deprecated hash function. */ expected[KSI_HASHALG_SHA3_224] = "TODO!"; - expected[KSI_HASHALG_SHA3_256] = "TODO!"; - expected[KSI_HASHALG_SHA3_384] = "TODO!"; - expected[KSI_HASHALG_SHA3_512] = "TODO!"; - expected[KSI_HASHALG_SM3] = "TODO!"; + expected[KSI_HASHALG_SHA3_256] = "05d89ebd9e3ecb536ad11cac3bda51a7a81e043f7843274b49e7893ab161ffc6"; + expected[KSI_HASHALG_SHA3_384] = "3b45a4e97d912b2cb05f6c4ea659714c3db95280f37117a05e679338a5064fd434b1c73164c51ec9687ce39096d7b7b7"; + expected[KSI_HASHALG_SHA3_512] = "90f8c16c5e7d134deaf1c64a9ab79851ac7f7c1718c918c6ae902b84d8954de94b2d96bc2abf8fbd13a6b5d4f108c2ec0e64b912d379f4f970efa079c01a2eb7"; + expected[KSI_HASHALG_SM3] = "06d3dad6636fae1a39e02361f3d67908e0315a610cdf640502f36987258f2a71"; for (algo_id = 0; algo_id < KSI_NUMBER_OF_KNOWN_HASHALGS; algo_id++) { unsigned char expectedImprint[0xff]; @@ -530,7 +530,7 @@ static void testUnimplemented(CuTest *tc) { const unsigned char *ptr = NULL; size_t ptr_len; - KSI_HashAlgorithm algo = KSI_HASHALG_SHA3_512; + KSI_HashAlgorithm algo = KSI_HASHALG_SHA3_224; CuAssert(tc, "The algorithm used for this test must not be implemented.", !KSI_isHashAlgorithmSupported(algo)); diff --git a/test/ksi_hmac_test.c b/test/ksi_hmac_test.c index 19f58ee6..d0f56e85 100644 --- a/test/ksi_hmac_test.c +++ b/test/ksi_hmac_test.c 
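Review bot: `expected[KSI_HASHALG_SHA3_224]` is still the placeholder `"TODO!"` while testUnimplemented now depends on SHA3-224 being unsupported, so both tests are tied to whatever the linked crypto backend happens to provide. On a build where SHA3-224 is available the precondition assert in testUnimplemented fails, and testAllHashing would presumably compare against the placeholder (its loop body is outside the hunk). A comment next to the placeholder would make the dependency explicit, e.g. `/* SHA3-224 doubles as the "unimplemented" algorithm in testUnimplemented; add a vector here and pick another id once it is supported. */`. The same placeholder and the same choice of algorithm appear in test/ksi_hmac_test.c.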
@@ -39,7 +39,14 @@ static int CompareHmac(KSI_DataHash *hmac, const char *expected) { KSI_DataHash_toString(hmac, buf, sizeof(buf)); if (!strcmp(buf, expected)) { + KSI_LOG_debug(ctx, "HMAC values match as expected"); + KSI_LOG_debug(ctx, "Expected HMAC: %s", expected); + KSI_LOG_debug(ctx, "Actual HMAC: %s", buf); res = KSI_OK; + } else { + KSI_LOG_debug(ctx, "HMAC values do not match"); + KSI_LOG_debug(ctx, "Expected HMAC: %s", expected); + KSI_LOG_debug(ctx, "Actual HMAC: %s", buf); } return res; @@ -195,10 +202,10 @@ static void TestAllAlgorithms(CuTest* tc) { expected[KSI_HASHALG_SHA2_512] = "05fb7ed4edda2e2631c53103413823b1d7613d756e43b5182550f04decbde99bd3848ff38dbc5a4210f3439754b77de10c294acdb0704fbfcd2493d48f2e65ed98"; expected[0x06] = NULL; /* Deprecated hash function. */ expected[KSI_HASHALG_SHA3_224] = "TODO!"; - expected[KSI_HASHALG_SHA3_256] = "TODO!"; - expected[KSI_HASHALG_SHA3_384] = "TODO!"; - expected[KSI_HASHALG_SHA3_512] = "TODO!"; - expected[KSI_HASHALG_SM3] = "TODO!"; + expected[KSI_HASHALG_SHA3_256] = "08f5001cfd23ef507c63af0adc57447a5cf6c39dacecb100cb8d2351e0a29f9b86"; + expected[KSI_HASHALG_SHA3_384] = "0973c629f9f36745f086ba2514768c53fb019fa15560497d7ba73ed8c4272efa22484709633b3b47ef956a7b0000fb5d0a"; + expected[KSI_HASHALG_SHA3_512] = "0a8b79264214dfc74f6edbf69ba5060e7ac0e42295ab1e6832c3b65c3d02e5e188f915f2170f4c0c2f7065f623d052e742f22163ea5a87bc1ae54085c4e0a85eaf"; + expected[KSI_HASHALG_SM3] = "0b8ada73d2992ddbc91f3d984710dc1d605801f34aaac741f5a3a407eb8f0959c6"; for (algo_id = 0; algo_id < KSI_NUMBER_OF_KNOWN_HASHALGS; algo_id++) { char errm[0x1ff]; 
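Review bot: The `Expected HMAC` / `Actual HMAC` debug lines added to CompareHmac are repeated verbatim in both branches of the `if (!strcmp(buf, expected))`. Logging the two values once before the comparison and keeping only the match / no-match message inside the branches would say the same with half the lines. CompareHmac starts above this hunk, so the size of `buf` and any NULL check on `expected` are not visible here.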
@@ -206,12 +213,19 @@ static void TestAllAlgorithms(CuTest* tc) { /* Skip unsupported. */ if (!KSI_isHashAlgorithmSupported(algo_id)) continue; + KSI_LOG_debug(ctx, "Testing HMAC-%s", KSI_getHashAlgorithmName(algo_id)); + KSI_ERR_clearErrors(ctx); res = KSI_HMAC_create(ctx, algo_id, key, data, data_len, &hmac); + KSI_LOG_logCtxError(ctx, KSI_LOG_DEBUG); + KSI_snprintf(errm, sizeof(errm), "Failed to create HMAC for algorithm %s", KSI_getHashAlgorithmName(algo_id)); CuAssert(tc, errm, res == KSI_OK && hmac != NULL); + KSI_LOG_debug(ctx, "HMAC-%s creates successfully", KSI_getHashAlgorithmName(algo_id)); + + res = CompareHmac(hmac, expected[algo_id]); KSI_snprintf(errm, sizeof(errm), "HMAC mismatch for algorithm %s", KSI_getHashAlgorithmName(algo_id)); CuAssert(tc, errm, res == KSI_OK && hmac != NULL); @@ -364,7 +378,7 @@ static void TestInvalidParams(CuTest* tc) { static void testUnimplementedHashAlgorithm(CuTest *tc) { KSI_DataHash *hsh = NULL; - int res = KSI_HMAC_create(ctx, KSI_HASHALG_SM3, "key", (unsigned char *)"data", 4, &hsh); + int res = KSI_HMAC_create(ctx, KSI_HASHALG_SHA3_224, "key", (unsigned char *)"data", 4, &hsh); CuAssert(tc, "Unimplemented hash algorithm may not be used for HMAC computation.", res = KSI_UNAVAILABLE_HASH_ALGORITHM && hsh == NULL); KSI_DataHash_free(hsh); diff --git a/test/ksi_tlv_test.c b/test/ksi_tlv_test.c index 1264e068..9e9a2750 100644 --- a/test/ksi_tlv_test.c +++ b/test/ksi_tlv_test.c 
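Review bot: The CuAssert in testUnimplementedHashAlgorithm (last hunk here, `@@ -364,7 +378,7 @@`) tests `res = KSI_UNAVAILABLE_HASH_ALGORITHM && hsh == NULL`, an assignment rather than a comparison, so the return code of KSI_HMAC_create is never checked. The line is unchanged context directly below the call this commit edits. As written the assertion passes whenever `hsh` stays NULL (assuming the constant is non-zero), whatever error was actually returned. Since the commit is fixing this test, the condition should read `res == KSI_UNAVAILABLE_HASH_ALGORITHM && hsh == NULL`.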
@@ -778,6 +778,27 @@ void testTlvElementRemoveMultipleSameId(CuTest *tc) { KSI_TlvElement_free(tlv); } +void testTlvElementGetFromCorruptedTlv(CuTest *tc) { + int res; + KSI_TlvElement *tlv = NULL; + KSI_TlvElement *subTlv = NULL; + /* # TLV to be parsed. + TLV[10]: + TLV[01]: + 000000 + */ + unsigned char buf[] = {0x10, 0x5, 0x01, 0x05, 0x00, 0x00, 0x00}; + + res = KSI_TlvElement_parse(buf, sizeof(buf), &tlv); + CuAssert(tc, "Unable to parse TLV.", res == KSI_OK && tlv != NULL); + + res = KSI_TlvElement_getElement(tlv, 0x01, &subTlv); + CuAssert(tc, "It must fail as nested TLV is corrupted.", res == KSI_INVALID_FORMAT && subTlv == NULL); + + KSI_TlvElement_free(tlv); + KSI_TlvElement_free(subTlv); +} + CuSuite* KSITest_TLV_getSuite(void) { CuSuite* suite = CuSuiteNew(); @@ -807,6 +828,7 @@ CuSuite* KSITest_TLV_getSuite(void) SUITE_ADD_TEST(suite, testTlvElementRemove); SUITE_ADD_TEST(suite, testTlvElementRemoveNotExisting); SUITE_ADD_TEST(suite, testTlvElementRemoveMultipleSameId); + SUITE_ADD_TEST(suite, testTlvElementGetFromCorruptedTlv); return suite; } diff --git a/test/ksi_truststore_test.c b/test/ksi_truststore_test.c index 19c96181..c8b36d4b 100644 --- a/test/ksi_truststore_test.c +++ b/test/ksi_truststore_test.c 
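Review bot: The comment above `buf` in testTlvElementGetFromCorruptedTlv does not say what is corrupted. It shows TLV[01] with payload 000000, but the bytes declare a nested length of 0x05 while only three payload bytes remain inside the five-byte parent. A comment such as `/* Nested TLV[01] declares length 5, but only 3 payload bytes remain inside TLV[10]. */` would state the property the test pins, namely that the outer parse succeeds and the length overrun is reported by KSI_TlvElement_getElement. Writing the outer length as `0x05` instead of `0x5` would also match the other bytes.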
@@ -141,11 +141,11 @@ static void TestExtractingOfPKICertificate(CuTest *tc) { char *ret = NULL; const char expectedValue[] = - "PKI Certificate (a1:95:98:9a):\n" + "PKI Certificate (62:f4:ee:e2):\n" " * Issued to: E=publications@guardtime.com O=Guardtime AS C=EE\n" " * Issued by: E=publications@guardtime.com O=Guardtime AS C=EE\n" - " * Valid from: 2019-06-03 12:15:51 UTC to 2020-06-02 12:15:51 UTC [valid]\n" - " * Serial Number: 00\n"; + " * Valid from: 2020-06-03 15:35:05 UTC to 2040-05-29 15:35:05 UTC [valid]\n" + " * Serial Number: aa:4d:46:e6:e2:4e:b6:86\n"; res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath("resource/tlv/publications.tlv"), &pubfile); CuAssert(tc, "Unable to load publications file from file.", res == KSI_OK && pubfile != NULL); diff --git a/test/resource/crt/mock.crt b/test/resource/crt/mock.crt index eb7e71bb..664ab9df 100644 --- a/test/resource/crt/mock.crt +++ b/test/resource/crt/mock.crt 
@@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDWzCCAkOgAwIBAgIBADANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJFRTEV -MBMGA1UECgwMR3VhcmR0aW1lIEFTMSkwJwYJKoZIhvcNAQkBFhpwdWJsaWNhdGlv -bnNAZ3VhcmR0aW1lLmNvbTAeFw0xOTA2MDMxMjE1NTFaFw0yMDA2MDIxMjE1NTFa -ME8xCzAJBgNVBAYTAkVFMRUwEwYDVQQKDAxHdWFyZHRpbWUgQVMxKTAnBgkqhkiG -9w0BCQEWGnB1YmxpY2F0aW9uc0BndWFyZHRpbWUuY29tMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAzkhfrDw16aVl0adBE/2W3ga/4zfm9wqDBAYjM1qf -sZOLnFENKDkltm7Ibk6PmBqT4d12JA7aflaxte2E3RSgQUKA9xNacBC5AUHgbMIT -qjzzTjcqACRdm1q9d/dCX1w0C2RF8OZe8Mdg5tjYAwzMvrCT3B+BPIYJLWY3LbOm -hXSYpPpfFDqP788ak1q5KF39mRlFrYdCHSHCODXh9foJsRGYnZDWUW44iFlIEbXB -GLZxm/1Oojgb/batvTvbjrzjJNgJwTd1RZLvljiKJN8rSY7P9PbNIfvI2CBAyYS1 -2725weTGdI18Re3bnK9mzJnOhJW9NsFXcdJ3sjyu99oEXQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUTnrdRUrg//Gq -ejw+UKFlgqZtz7EwDQYJKoZIhvcNAQELBQADggEBAAGxLtFj+WyDfCgo7sdFbMQe -Pom2tZEAGsS6STN8/h/HC/3w2RvfBN6C1ldm0f0aeH1RaEOAvNJfVCQ2vHMcTPF/ -vAovnEw5a+fj00fCvbpvIih9uHK7T/rhaiHzByHr8U8Cl1Ky8N6GFK/e5+48ErV3 -lfOCsqe5MHx456ufCHDRQnW6TCK41nsp/6mzE8VmVzV1LIfrhy/2BVdNMv9QO+Q5 -JmFer7R5hsqO+JweR2ZCORbw+x61buMsL5JHPPYGeVGUeE3ycGydpP719cAnwtHn -bIDEX5nnRpWNckhXrJco6smM6JXDOCcMtg2/cTK6ztR3+VhmrbgRJT3KmFV4ycQ= +MIIDSDCCAjACCQCqTUbm4k62hjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJF +RTEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRUwEwYDVQQKDAxHdWFyZHRpbWUgQVMx +KTAnBgkqhkiG9w0BCQEWGnB1YmxpY2F0aW9uc0BndWFyZHRpbWUuY29tMB4XDTIw +MDYwMzE1MzUwNVoXDTQwMDUyOTE1MzUwNVowZjELMAkGA1UEBhMCRUUxFTATBgNV +BAcMDERlZmF1bHQgQ2l0eTEVMBMGA1UECgwMR3VhcmR0aW1lIEFTMSkwJwYJKoZI +hvcNAQkBFhpwdWJsaWNhdGlvbnNAZ3VhcmR0aW1lLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANm8y3fTx4hQKewJx15Xgo1YsmAI7EIaLjKVuztH +YlHsZSBUfyey0EtbNiK2ls1JoHeE66wD1U4LvTR3+u9X+8ff2Q9pIWFsLzs4ThEN +26u1IUwmMBxGUxV7SBSEEKjjWK7xOuwzPQF+U/DFEY7HeLjcBUG6QEsv+rF3JCTE +AYCYvOF1fwQxtWFFeeFbp+bJr0h31SQGKnjImw1qi9AYuyF4GaUYXcZFuWmtaNRh +zgNvks2ej8vvW39fd5x5UWEXvya56KhIrLGNdF0ekaMt4pguLODgFK6UaKNrGkV9 
+bIMw4wwFopgXCbwHWszAiFhr3QiJ+EiaOIQ81Lb9CHFE258CAwEAATANBgkqhkiG +9w0BAQsFAAOCAQEAi7jYf2DCbDJ/rGkzmLtAMDabblsfk1yrMZo0qn1Ru0P+KRH3 +WbS63QbpYQlTfDbIE2UGxXOYNNtjuWXFfkz9vojS3SsomAOsIPRSVyes6E5qczki +046Q4aZfkTvJ5KOz6hgJ1Jxdvs1R8XbZX+bSFaQwrIx3DK8SqQXEf1VPnjbMzooG +rgiAFbvTDualTDPpBmw67VzgMxLEuXil2AY+DsceAhFuo2lKysVUgi6el7hjBPNa +5m8epQcMlncn6SXjKh5cy/iXJw41GF1BRNNthwL4jNk8mfYF0mR9/m6HV0Cy4Zzp +Seyw59+fGyJjv91ty4jSY2Fe78q5cmBvG+H4+A== -----END CERTIFICATE----- diff --git a/test/resource/tlv/ksi-publications.bin b/test/resource/tlv/ksi-publications.bin index e3bdee1a..fedbfc37 100644 Binary files a/test/resource/tlv/ksi-publications.bin and b/test/resource/tlv/ksi-publications.bin differ diff --git a/test/resource/tlv/publications.tlv b/test/resource/tlv/publications.tlv index 731eb6b3..2cf8a1a7 100644 Binary files a/test/resource/tlv/publications.tlv and b/test/resource/tlv/publications.tlv differ diff --git a/test/support_tests.c b/test/support_tests.c index 21b4e43f..2a87b198 100644 --- a/test/support_tests.c +++ b/test/support_tests.c 
@@ -283,29 +283,59 @@ const char *KSITest_composeUri(const char *scheme, const KSITest_ServiceConf *se return buf; } -int KSITest_HighAvailabilityService_setEndpoint(KSI_AsyncService *service, const char *scheme, +int KSITest_HighAvailabilityService_setEndpoint(KSI_AsyncService *service, const char **scheme, KSITest_ServiceConf *srvConf, KSITest_ServiceConf *haConf) { int res = KSI_UNKNOWN_ERROR; - size_t i; - if (service == NULL || scheme == NULL || srvConf == NULL) { + if (service == NULL || scheme == NULL || scheme[0] == NULL || srvConf == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } if (haConf == NULL || strlen(haConf[0].host) == 0) { res = KSI_AsyncService_addEndpoint(service, - KSITest_composeUri(scheme, srvConf), + KSITest_composeUri(scheme[0], srvConf), srvConf->user, srvConf->pass); if (res != KSI_OK) goto cleanup; + + if (strlen(srvConf->hmac)) { + KSI_HashAlgorithm algId = KSI_getHashAlgorithmByName(srvConf->hmac); + if (algId == KSI_HASHALG_INVALID) { + res = KSI_INVALID_ARGUMENT; + goto cleanup; + } + res = KSI_AsyncService_setOption(service, KSI_ASYNC_OPT_HMAC_ALGORITHM, (void*)algId); + if (res != KSI_OK) goto cleanup; + } } else { + size_t i = 0; + const char *schm = NULL; + + while (scheme[i++]); + if (i-1 == 1) { + schm = scheme[0]; + } else if (i-1 != CONF_MAX_HA_SERVICES) { + res = KSI_INVALID_ARGUMENT; + goto cleanup; + } + for (i = 0; i < CONF_MAX_HA_SERVICES; i++) { if (strlen(haConf[i].host)) { res = KSI_AsyncService_addEndpoint(service, - KSITest_composeUri(scheme, &haConf[i]), + KSITest_composeUri((schm != NULL ? schm : scheme[i]), &haConf[i]), haConf[i].user, haConf[i].pass); if (res != KSI_OK) goto cleanup; } + + if (strlen(haConf[i].hmac)) { + KSI_HashAlgorithm algId = KSI_getHashAlgorithmByName(haConf[i].hmac); + if (algId == KSI_HASHALG_INVALID) { + res = KSI_INVALID_ARGUMENT; + goto cleanup; + } + res = KSI_AsyncService_setOption(service, KSI_ASYNC_OPT_HMAC_ALGORITHM, (void*)algId); + if (res != KSI_OK) goto cleanup; + } } } 
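Review bot: In the HA branch of KSITest_HighAvailabilityService_setEndpoint the new HMAC block sits outside `if (strlen(haConf[i].host))`, so `KSI_ASYNC_OPT_HMAC_ALGORITHM` is set on `service` even for a slot that added no endpoint. Moving the block inside the host check would tie the option to an endpoint that was actually configured. Whether the option applies per endpoint or to the whole HA service is not visible in this hunk. The same lookup-and-set sequence now appears twice in this function and would read better as one static helper. `(void*)algId` converts an enum straight to a pointer, and `(void*)(size_t)algId` avoids an int-to-pointer size warning on 64-bit builds. The function's `cleanup` label lies outside the hunk.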
diff --git a/test/support_tests.h b/test/support_tests.h index c3aa7b06..bcdf43ea 100644 --- a/test/support_tests.h +++ b/test/support_tests.h @@ -28,7 +28,7 @@ int KSITest_decodeHexStr(const char *hexstr, unsigned char *buf, size_t buf_size int KSITest_DataHash_fromStr(KSI_CTX *ctx, const char *hexstr, KSI_DataHash **hsh); int KSITest_memcmp(void *ptr1, void *ptr2, size_t len); const char *KSITest_composeUri(const char *scheme, const KSITest_ServiceConf *service); -int KSITest_HighAvailabilityService_setEndpoint(KSI_AsyncService *service, const char *scheme, KSITest_ServiceConf *srvConf, KSITest_ServiceConf *haConf); +int KSITest_HighAvailabilityService_setEndpoint(KSI_AsyncService *service, const char **scheme, KSITest_ServiceConf *srvConf, KSITest_ServiceConf *haConf); #ifdef __cplusplus } diff --git a/test/test_async_signer.c b/test/test_async_signer.c index 9065e4c9..dd83a399 100644 --- a/test/test_async_signer.c +++ b/test/test_async_signer.c @@ -164,7 +164,6 @@ int main(int argc, char **argv) { KSITest_Conf conf; KSI_Signature *signature = NULL; time_t start; - size_t i; time(&start); @@ -209,7 +208,8 @@ int main(int argc, char **argv) { /* Create new async service provider. */ if (argc > _NOF_MANDATORY_ARGS) { - int nofHaSs = 0; + KSI_AsyncServiceList *ssList = NULL; + size_t i; if (strcmp(argv[ARGV_SIGNER_TYPE], SIGNER_TYPE_HA)) { fprintf(stderr, "Unknown signer type: %s\n", argv[ARGV_SIGNER_TYPE]); 
@@ -235,11 +235,34 @@ int main(int argc, char **argv) { KSI_LOG_info(ksi, " URI: %s", KSITest_composeUri(argv[ARGV_PROTOCOL], &conf.ha.aggregator[i])); KSI_LOG_info(ksi, " user: %s", conf.ha.aggregator[i].user); KSI_LOG_info(ksi, " pass: %s", conf.ha.aggregator[i].pass); - nofHaSs++; + + /* HMAC algorithm configuration. */ + if (strlen(conf.ha.aggregator[i].hmac)) { + KSI_HashAlgorithm algId = KSI_getHashAlgorithmByName(conf.ha.aggregator[i].hmac); + if (algId == KSI_HASHALG_INVALID) { + fprintf(stderr, "Invalid hash algorithm for aggregator HMAC: '%s'\n", conf.ha.aggregator[i].hmac); + exit(EXIT_FAILURE); + } + + res = KSI_AsyncService_setOption(as, KSI_ASYNC_OPT_HMAC_ALGORITHM, (void*)algId); + if (res != KSI_OK) { + fprintf(stderr, "Unable to set endpoint HMAC algorithm.\n"); + goto cleanup; + } + KSI_LOG_info(ksi, " HMAC: %s", KSI_getHashAlgorithmName(algId)); + } } } - if (!nofHaSs) { + + res = KSI_AsyncService_getOption(as, KSI_ASYNC_OPT_HA_SUBSERVICE_LIST, (void *)&ssList); + if (res != KSI_OK) { + fprintf(stderr, "Unable to extract sub-service list.\n"); + goto cleanup; + } + + if (KSI_AsyncServiceList_length(ssList) == 0) { fprintf(stderr, "No subservices defined.\n"); + res = KSI_INVALID_STATE; goto cleanup; } } else { @@ -260,6 +283,7 @@ int main(int argc, char **argv) { KSI_LOG_info(ksi, " pass: %s", conf.aggregator.pass); } + /* Round max request count confguration. */ { size_t count = atoi(argv[ARGV_MAX_REQUEST_COUNT]); KSI_LOG_info(ksi, "Setting max request count to: %llu", (unsigned long long)count); @@ -272,6 +296,7 @@ int main(int argc, char **argv) { } } + /* Request cache size configturation. */ { size_t size = atoi(argv[ARGV_REQUEST_CACHE_SIZE]); KSI_LOG_info(ksi, "Setting request cache size to: %llu", (unsigned long long)size); @@ -281,7 +306,6 @@ int main(int argc, char **argv) { fprintf(stderr, "Unable to set request cache size.\n"); goto cleanup; } - } } diff --git a/test/test_conf.c b/test/test_conf.c index 9977e0d6..1379220c 100644 
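Review bot: The new HMAC block in main calls `exit(EXIT_FAILURE)` when the algorithm name is unknown, while the failure handled a few lines below uses `goto cleanup`, so this one path skips whatever the cleanup section releases (it is outside these hunks). Using `res = KSI_INVALID_ARGUMENT; goto cleanup;` would keep a single exit path. Separately, the context lines just above log `conf.ha.aggregator[i].pass` at info level, which puts the service credential into the log file. Logging only whether a password is set would avoid that. The two added comments also contain typos ("confguration", "configturation").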
--- a/test/test_conf.c +++ b/test/test_conf.c @@ -271,6 +271,7 @@ int KSITest_Conf_load(const char *confFile, KSITest_Conf *conf) { res = conf_control(conf); cleanup: + if (file != NULL) fclose(file); return res; }