Merge pull request #1592 from rgerhards/i-1590
remove pre KSI-12 KSI components
commit
07e5da9f4b
17
configure.ac
17
configure.ac
@ -1278,22 +1278,6 @@ fi
|
||||
AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes)
|
||||
|
||||
|
||||
# GuardTime KSI support
|
||||
AC_ARG_ENABLE(gt-ksi,
|
||||
[AS_HELP_STRING([--enable-gt-ksi],[Enable log file signing support via GuardTime KSI @<:@default=no@:>@])],
|
||||
[case "${enableval}" in
|
||||
yes) enable_gt_ksi="yes" ;;
|
||||
no) enable_gt_ksi="no" ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-gt-ksi) ;;
|
||||
esac],
|
||||
[enable_gt_ksi=no]
|
||||
)
|
||||
if test "x$enable_gt_ksi" = "xyes"; then
|
||||
PKG_CHECK_MODULES(GT_KSI, libksi >= 3.4.0.2)
|
||||
PKG_CHECK_MODULES(GT_KSI, libksi < 3.5.0.0)
|
||||
fi
|
||||
AM_CONDITIONAL(ENABLE_GT_KSI, test x$enable_gt_ksi = xyes)
|
||||
|
||||
|
||||
# GuardTime KSI LOGSIG 12 support
|
||||
AC_ARG_ENABLE(ksi-ls12,
|
||||
@ -2135,7 +2119,6 @@ echo " have to generate man pages: $have_to_generate_man_pages"
|
||||
echo " Unlimited select() support enabled: $enable_unlimited_select"
|
||||
echo " uuid support enabled: $enable_uuid"
|
||||
echo " Log file signing support: $enable_guardtime"
|
||||
echo " Log file signing support via KSI: $enable_gt_ksi"
|
||||
echo " Log file signing support via KSI LS12: $enable_ksi_ls12"
|
||||
echo " Log file encryption support: $enable_libgcrypt"
|
||||
echo " anonymization support enabled: $enable_mmanon"
|
||||
|
||||
@ -251,21 +251,6 @@ lmtcpclt_la_LDFLAGS = -module -avoid-version $(LIBLOGGING_STDLOG_LIBS)
|
||||
lmtcpclt_la_LIBADD =
|
||||
|
||||
|
||||
|
||||
#
|
||||
# support library for guardtime KSI
|
||||
#
|
||||
if ENABLE_GT_KSI
|
||||
noinst_LTLIBRARIES += librsksi.la
|
||||
librsksi_la_SOURCES = librsksi.c librsksi_read.c librsksi.h librsgt_common.h
|
||||
librsksi_la_CPPFLAGS = $(RSRT_CFLAGS) $(GT_KSI_CFLAGS)
|
||||
pkglib_LTLIBRARIES += lmsig_ksi.la
|
||||
lmsig_ksi_la_SOURCES = lmsig_ksi.c lmsig_ksi.h
|
||||
lmsig_ksi_la_CPPFLAGS = $(RSRT_CFLAGS) $(GT_KSI_CFLAGS)
|
||||
lmsig_ksi_la_LDFLAGS = -module -avoid-version
|
||||
lmsig_ksi_la_LIBADD = librsksi.la $(GT_KSI_LIBS)
|
||||
endif
|
||||
|
||||
#
|
||||
# support library for Guardtime KSI-LS12
|
||||
#
|
||||
|
||||
1178
runtime/librsksi.c
1178
runtime/librsksi.c
File diff suppressed because it is too large
@ -1,242 +0,0 @@
|
||||
/* librsksi.h - rsyslog's KSI support library
|
||||
*
|
||||
* Copyright 2013-2015 Adiscon GmbH.
|
||||
*
|
||||
* This file is part of rsyslog.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* -or-
|
||||
* see COPYING.ASL20 in the source distribution
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef INCLUDED_LIBRSKSI_H
|
||||
#define INCLUDED_LIBRSKSI_H
|
||||
#include <ksi/ksi.h>
|
||||
typedef enum KSI_HashAlgorithm_en KSI_HashAlgorithm;
|
||||
|
||||
/* Max number of roots inside the forest. This permits blocks of up to
|
||||
* 2^MAX_ROOTS records. We assume that 64 is sufficient for all use
|
||||
* cases ;) [and 64 is not really a waste of memory, so we do not even
|
||||
* try to work with reallocs and such...]
|
||||
*/
|
||||
|
||||
/* context for gt calls. This primarily serves as a container for the
|
||||
* config settings. The actual file-specific data is kept in ksifile.
|
||||
*/
|
||||
struct rsksictx_s {
|
||||
KSI_CTX *ksi_ctx; /* libksi's context object */
|
||||
KSI_HashAlgorithm hashAlg;
|
||||
uint8_t bKeepRecordHashes;
|
||||
uint8_t bKeepTreeHashes;
|
||||
uint64_t blockSizeLimit;
|
||||
uid_t fileUID; /* IDs for creation */
|
||||
uid_t dirUID;
|
||||
gid_t fileGID;
|
||||
gid_t dirGID;
|
||||
int fCreateMode; /* mode to use when creating files */
|
||||
int fDirCreateMode; /* mode to use when creating files */
|
||||
char *timestamper;
|
||||
void (*errFunc)(void *, unsigned char*);
|
||||
void (*logFunc)(void *, unsigned char*);
|
||||
void *usrptr; /* for error function */
|
||||
};
|
||||
typedef struct rsksictx_s *rsksictx;
|
||||
typedef struct ksifile_s *ksifile;
|
||||
typedef struct ksierrctx_s ksierrctx_t;
|
||||
|
||||
/* this describes a file, as far as librsksi is concerned */
|
||||
struct ksifile_s {
|
||||
/* the following data items are mirrored from rsksictx to
|
||||
* increase cache hit ratio (they are frequently accesed).
|
||||
*/
|
||||
KSI_HashAlgorithm hashAlg;
|
||||
uint8_t bKeepRecordHashes;
|
||||
uint8_t bKeepTreeHashes;
|
||||
/* end mirrored properties */
|
||||
uint8_t disabled; /* permits to disable this file --> set to 1 */
|
||||
uint64_t blockSizeLimit;
|
||||
uint8_t *IV; /* initial value for blinding masks */
|
||||
imprint_t *x_prev; /* last leaf hash (maybe of previous block) --> preserve on term */
|
||||
unsigned char *sigfilename;
|
||||
unsigned char *statefilename;
|
||||
int fd;
|
||||
uint64_t nRecords; /* current number of records in current block */
|
||||
uint64_t bInBlk; /* are we currently inside a blk --> need to finish on close */
|
||||
int8_t nRoots;
|
||||
/* algo engineering: roots structure is split into two arrays
|
||||
* in order to improve cache hits.
|
||||
*/
|
||||
int8_t roots_valid[MAX_ROOTS];
|
||||
KSI_DataHash *roots_hash[MAX_ROOTS];
|
||||
/* data members for the associated TLV file */
|
||||
char tlvBuf[4096];
|
||||
int tlvIdx; /* current index into tlvBuf */
|
||||
rsksictx ctx;
|
||||
};
|
||||
|
||||
/* The following structure describes the "error context" to be used
|
||||
* for verification and similiar reader functions. While verifying,
|
||||
* we need some information (like filenames or block numbers) that
|
||||
* is not readily available from the other objects (or not even known
|
||||
* to librsksi). In order to provide meaningful error messages, this
|
||||
* information must be passed in from the external callers. In order
|
||||
* to centralize information (and make it more manageable), we use
|
||||
* ths error context here, which contains everything needed to
|
||||
* generate good error messages. Members of this structure are
|
||||
* maintained both by library users (the callers) as well as
|
||||
* the library itself. Who does what simply depends on who has
|
||||
* the relevant information.
|
||||
*/
|
||||
struct ksierrctx_s {
|
||||
FILE *fp; /**< file for error messages */
|
||||
char *filename;
|
||||
uint8_t verbose;
|
||||
uint64_t recNumInFile;
|
||||
uint64_t recNum;
|
||||
uint64_t blkNum;
|
||||
uint8_t treeLevel;
|
||||
KSI_DataHash *computedHash;
|
||||
KSI_DataHash *lefthash, *righthash; /* hashes to display if tree hash fails */
|
||||
imprint_t *fileHash;
|
||||
int ksistate; /* status from last relevant GT.*() function call */
|
||||
char *errRec;
|
||||
char *frstRecInBlk; /* This holds the first message seen inside the current block */
|
||||
};
|
||||
|
||||
/* the following defines the ksistate file record. Currently, this record
|
||||
* is fixed, we may change that over time.
|
||||
*/
|
||||
struct rsksistatefile {
|
||||
char hdr[9]; /* must be "KSISTAT10" */
|
||||
uint8_t hashID;
|
||||
uint8_t lenHash;
|
||||
/* after that, the hash value is contained within the file */
|
||||
};
|
||||
|
||||
/* error states */
|
||||
#define RSGTE_SUCCESS 0 /* Success state */
|
||||
#define RSGTE_IO 1 /* any kind of io error */
|
||||
#define RSGTE_FMT 2 /* data fromat error */
|
||||
#define RSGTE_INVLTYP 3 /* invalid TLV type record (unexcpected at this point) */
|
||||
#define RSGTE_OOM 4 /* ran out of memory */
|
||||
#define RSGTE_LEN 5 /* error related to length records */
|
||||
#define RSGTE_SIG_EXTEND 6/* error extending signature */
|
||||
#define RSGTE_INVLD_RECCNT 7/* mismatch between actual records and records
|
||||
given in block-sig record */
|
||||
#define RSGTE_INVLHDR 8/* invalid file header */
|
||||
#define RSGTE_EOF 9 /* specific EOF */
|
||||
#define RSGTE_MISS_REC_HASH 10 /* record hash missing when expected */
|
||||
#define RSGTE_MISS_TREE_HASH 11 /* tree hash missing when expected */
|
||||
#define RSGTE_INVLD_REC_HASH 12 /* invalid record hash (failed verification) */
|
||||
#define RSGTE_INVLD_TREE_HASH 13 /* invalid tree hash (failed verification) */
|
||||
#define RSGTE_INVLD_REC_HASHID 14 /* invalid record hash ID (failed verification) */
|
||||
#define RSGTE_INVLD_TREE_HASHID 15 /* invalid tree hash ID (failed verification) */
|
||||
#define RSGTE_MISS_BLOCKSIG 16 /* block signature record missing when expected */
|
||||
#define RSGTE_INVLD_SIGNATURE 17 /* Signature is invalid (KSI_Signature_verifyDataHash)*/
|
||||
#define RSGTE_TS_CREATEHASH 18 /* error creating HASH (KSI_DataHash_create) */
|
||||
#define RSGTE_TS_DERENCODE 19 /* error DER-Encoding a timestamp */
|
||||
#define RSGTE_HASH_CREATE 20 /* error creating a hash */
|
||||
#define RSGTE_END_OF_SIG 21 /* unexpected end of signature - more log line exist */
|
||||
#define RSGTE_END_OF_LOG 22 /* unexpected end of log file - more signatures exist */
|
||||
#define RSGTE_EXTRACT_HASH 23 /* error extracting hashes for record */
|
||||
#define RSGTE_CONFIG_ERROR 24 /* Configuration error */
|
||||
#define RSGTE_NETWORK_ERROR 25 /* Network error */
|
||||
#define RSGTE_MISS_KSISIG 26 /* KSI signature missing */
|
||||
|
||||
const char * RSKSIE2String(int err);
|
||||
uint16_t hashOutputLengthOctetsKSI(uint8_t hashID);
|
||||
uint8_t hashIdentifierKSI(KSI_HashAlgorithm hashID);
|
||||
const char * hashAlgNameKSI(uint8_t hashID);
|
||||
KSI_HashAlgorithm hashID2AlgKSI(uint8_t hashID);
|
||||
|
||||
#define getIVLenKSI(bh) (hashOutputLengthOctetsKSI((bh)->hashID))
|
||||
#define rsksiSetBlockSizeLimit(ctx, limit) ((ctx)->blockSizeLimit = limit)
|
||||
#define rsksiSetKeepRecordHashes(ctx, val) ((ctx)->bKeepRecordHashes = val)
|
||||
#define rsksiSetKeepTreeHashes(ctx, val) ((ctx)->bKeepTreeHashes = val)
|
||||
#define rsksiSetFileUID(ctx, val) ((ctx)->fileUID = val) /* IDs for creation */
|
||||
#define rsksiSetDirUID(ctx, val) ((ctx)->dirUID = val)
|
||||
#define rsksiSetFileGID(ctx, val) ((ctx)->fileGID= val)
|
||||
#define rsksiSetDirGID(ctx, val) ((ctx)->dirGID = val)
|
||||
#define rsksiSetCreateMode(ctx, val) ((ctx)->fCreateMode= val)
|
||||
#define rsksiSetDirCreateMode(ctx, val) ((ctx)->fDirCreateMode = val)
|
||||
|
||||
|
||||
|
||||
int rsksiSetAggregator(rsksictx ctx, char *uri, char *loginid, char *key);
|
||||
int rsksiSetHashFunction(rsksictx ctx, char *algName);
|
||||
int rsksiInit(char *usragent);
|
||||
void rsksiExit(void);
|
||||
rsksictx rsksiCtxNew(void);
|
||||
void rsksisetErrFunc(rsksictx ctx, void (*func)(void*, unsigned char *), void *usrptr);
|
||||
void rsksisetLogFunc(rsksictx ctx, void (*func)(void*, unsigned char *), void *usrptr);
|
||||
void reportKSIAPIErr(rsksictx ctx, ksifile ksi, const char *apiname, int ecode);
|
||||
ksifile rsksiCtxOpenFile(rsksictx ctx, unsigned char *logfn);
|
||||
int rsksifileDestruct(ksifile ksi);
|
||||
void rsksiCtxDel(rsksictx ctx);
|
||||
void sigblkInitKSI(ksifile ksi);
|
||||
int sigblkAddRecordKSI(ksifile ksi, const unsigned char *rec, const size_t len);
|
||||
int sigblkFinishKSI(ksifile ksi);
|
||||
int rsksiIntoImprintFromKSI_DataHash(imprint_t* imp, ksifile ksi, KSI_DataHash *hash);
|
||||
imprint_t* rsksiImprintFromKSI_DataHash(ksifile ksi, KSI_DataHash *hash);
|
||||
void rsksiimprintDel(imprint_t *imp);
|
||||
/* reader functions */
|
||||
int rsksi_tlvrdHeader(FILE *fp, unsigned char *hdr);
|
||||
int rsksi_tlvrd(FILE *fp, tlvrecord_t *rec, void *obj);
|
||||
void rsksi_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose);
|
||||
void rsksi_printBLOCK_HDR(FILE *fp, block_hdr_t *bh, uint8_t verbose);
|
||||
void rsksi_printBLOCK_SIG(FILE *fp, block_sig_t *bs, uint8_t verbose);
|
||||
int rsksi_getBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, block_hdr_t **bh, uint8_t *bHasRecHashes,
|
||||
uint8_t *bHasIntermedHashes);
|
||||
int rsksi_getExcerptBlockParams(FILE *fp, uint8_t bRewind, block_sig_t **bs, block_hdr_t **bh);
|
||||
int rsksi_chkFileHdr(FILE *fp, char *expect, uint8_t verbose);
|
||||
ksifile rsksi_vrfyConstruct_gf(void);
|
||||
void rsksi_vrfyBlkInit(ksifile ksi, block_hdr_t *bh, uint8_t bHasRecHashes, uint8_t bHasIntermedHashes);
|
||||
int rsksi_vrfy_nextRec(ksifile ksi, FILE *sigfp, FILE *nsigfp, unsigned char *rec, size_t len, ksierrctx_t *ectx);
|
||||
int rsksi_vrfy_nextRecExtract(ksifile ksi, FILE *sigfp, FILE *nsigfp, unsigned char *rec, size_t len,
|
||||
ksierrctx_t *ectx, block_hashchain_t *hashchain, int storehashchain);
|
||||
int rsksi_vrfy_nextHashChain(ksifile ksi, block_sig_t *bs, FILE *sigfp, unsigned char *rec, size_t len,
|
||||
ksierrctx_t *ectx);
|
||||
int verifyBLOCK_HDRKSI(FILE *sigfp, FILE *nsigfp, tlvrecord_t* tlvrec);
|
||||
int verifyBLOCK_SIGKSI(block_sig_t *bs, ksifile ksi, FILE *sigfp, FILE *nsigfp, uint8_t bExtend,
|
||||
KSI_DataHash *ksiHash, ksierrctx_t *ectx);
|
||||
void rsksi_errctxInit(ksierrctx_t *ectx);
|
||||
void rsksi_errctxExit(ksierrctx_t *ectx);
|
||||
void rsksi_errctxSetErrRec(ksierrctx_t *ectx, char *rec);
|
||||
void rsksi_errctxFrstRecInBlk(ksierrctx_t *ectx, char *rec);
|
||||
void rsksi_objfree(uint16_t tlvtype, void *obj);
|
||||
void rsksi_set_debug(int iDebug);
|
||||
int rsksi_ConvertSigFile(FILE *oldsigfp, FILE *newsigfp, int verbose);
|
||||
int rsksi_WriteHashChain(FILE *newsigfp, block_hashchain_t *hashchain, int verbose);
|
||||
int rsksi_ExtractBlockSignature(FILE *newsigfp, block_sig_t *bsIn);
|
||||
int rsksi_tlvwrite(FILE *fp, tlvrecord_t *rec);
|
||||
int rsksi_tlvRecDecode(tlvrecord_t *rec, void *obj);
|
||||
int rsksi_tlvDecodeIMPRINT(tlvrecord_t *rec, imprint_t **imprint);
|
||||
int rsksi_tlvDecodeHASHCHAIN(tlvrecord_t *rec, block_hashchain_t **blhashchain);
|
||||
int verifySigblkFinish(ksifile ksi, KSI_DataHash **pRoot);
|
||||
int verifySigblkFinishChain(ksifile ksi, block_hashchain_t *hashchain, KSI_DataHash **pRoot, ksierrctx_t *ectx);
|
||||
void outputHash(FILE *fp, const char *hdr, const uint8_t *data, const uint16_t len, const uint8_t verbose);
|
||||
void outputKSIHash(FILE *fp, const char *hdr, const KSI_DataHash *const __restrict__ hash, const uint8_t verbose);
|
||||
int rsksi_setDefaultConstraint(ksifile ksi, char *stroid, char *strvalue);
|
||||
|
||||
/* TODO: replace these? */
|
||||
int hash_m_ksi(ksifile ksi, KSI_DataHash **m);
|
||||
int hash_r_ksi(ksifile ksi, KSI_DataHash **r, const unsigned char *rec, const size_t len);
|
||||
int hash_node_ksi(ksifile ksi, KSI_DataHash **node, KSI_DataHash *m, KSI_DataHash *r, uint8_t level);
|
||||
extern const char *rsksi_read_puburl; /**< url of publication server */
|
||||
extern const char *rsksi_extend_puburl; /**< url of extension server */
|
||||
extern const char *rsksi_userid; /**< userid for extension server */
|
||||
extern const char *rsksi_userkey; /**< userkey for extension server */
|
||||
extern uint8_t rsksi_read_showVerified;
|
||||
extern int RSKSI_FLAG_TLV16_RUNTIME;
|
||||
extern int RSKSI_FLAG_NONCRIT_RUNTIME;
|
||||
|
||||
#endif /* #ifndef INCLUDED_LIBRSKSI_H */
|
||||
@ -1,279 +0,0 @@
|
||||
/* lmsig_ksi.c
|
||||
*
|
||||
* An implementation of the sigprov interface for KSI.
|
||||
*
|
||||
* Copyright 2013-2016 Rainer Gerhards and Adiscon GmbH.
|
||||
*
|
||||
* This file is part of the rsyslog runtime library.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* -or-
|
||||
* see COPYING.ASL20 in the source distribution
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#include "config.h"
|
||||
|
||||
#include "rsyslog.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "module-template.h"
|
||||
#include "glbl.h"
|
||||
#include "errmsg.h"
|
||||
#include "sigprov.h"
|
||||
#include "lmsig_ksi.h"
|
||||
|
||||
MODULE_TYPE_LIB
|
||||
MODULE_TYPE_NOKEEP
|
||||
|
||||
/* static data */
|
||||
DEFobjStaticHelpers
|
||||
DEFobjCurrIf(errmsg)
|
||||
DEFobjCurrIf(glbl)
|
||||
|
||||
/* tables for interfacing with the v6 config system */
|
||||
static struct cnfparamdescr cnfpdescr[] = {
|
||||
{ "sig.hashfunction", eCmdHdlrGetWord, 0 },
|
||||
{ "sig.aggregator.uri", eCmdHdlrGetWord, CNFPARAM_REQUIRED },
|
||||
{ "sig.aggregator.user", eCmdHdlrGetWord, CNFPARAM_REQUIRED },
|
||||
{ "sig.aggregator.key", eCmdHdlrGetWord, CNFPARAM_REQUIRED },
|
||||
{ "sig.block.sizelimit", eCmdHdlrSize, 0 },
|
||||
{ "sig.keeprecordhashes", eCmdHdlrBinary, 0 },
|
||||
{ "sig.keeptreehashes", eCmdHdlrBinary, 0 },
|
||||
{ "dirowner", eCmdHdlrUID, 0 }, /* legacy: dirowner */
|
||||
{ "dirownernum", eCmdHdlrInt, 0 }, /* legacy: dirownernum */
|
||||
{ "dirgroup", eCmdHdlrGID, 0 }, /* legacy: dirgroup */
|
||||
{ "dirgroupnum", eCmdHdlrInt, 0 }, /* legacy: dirgroupnum */
|
||||
{ "fileowner", eCmdHdlrUID, 0 }, /* legacy: fileowner */
|
||||
{ "fileownernum", eCmdHdlrInt, 0 }, /* legacy: fileownernum */
|
||||
{ "filegroup", eCmdHdlrGID, 0 }, /* legacy: filegroup */
|
||||
{ "filegroupnum", eCmdHdlrInt, 0 }, /* legacy: filegroupnum */
|
||||
{ "dircreatemode", eCmdHdlrFileCreateMode, 0 }, /* legacy: dircreatemode */
|
||||
{ "filecreatemode", eCmdHdlrFileCreateMode, 0 } /* legacy: filecreatemode */
|
||||
};
|
||||
static struct cnfparamblk pblk =
|
||||
{ CNFPARAMBLK_VERSION,
|
||||
sizeof(cnfpdescr)/sizeof(struct cnfparamdescr),
|
||||
cnfpdescr
|
||||
};
|
||||
|
||||
|
||||
static void
|
||||
errfunc(__attribute__((unused)) void *usrptr, uchar *emsg)
|
||||
{
|
||||
errmsg.LogError(0, RS_RET_SIGPROV_ERR, "KSI Signature Provider"
|
||||
"Error: %s", emsg);
|
||||
}
|
||||
|
||||
static void
|
||||
logfunc(__attribute__((unused)) void *usrptr, uchar *emsg)
|
||||
{
|
||||
errmsg.LogMsg(0, RS_RET_NO_ERRCODE, LOG_INFO,
|
||||
"KSI Signature Provider: %s", emsg);
|
||||
}
|
||||
|
||||
|
||||
/* Standard-Constructor
|
||||
*/
|
||||
BEGINobjConstruct(lmsig_ksi)
|
||||
pThis->ctx = rsksiCtxNew();
|
||||
rsksisetErrFunc(pThis->ctx, errfunc, NULL);
|
||||
rsksisetLogFunc(pThis->ctx, logfunc, NULL);
|
||||
ENDobjConstruct(lmsig_ksi)
|
||||
|
||||
|
||||
/* destructor for the lmsig_ksi object */
|
||||
BEGINobjDestruct(lmsig_ksi) /* be sure to specify the object type also in END and CODESTART macros! */
|
||||
CODESTARTobjDestruct(lmsig_ksi)
|
||||
rsksiCtxDel(pThis->ctx);
|
||||
ENDobjDestruct(lmsig_ksi)
|
||||
|
||||
|
||||
/* apply all params from param block to us. This must be called
|
||||
* after construction, but before the OnFileOpen() entry point.
|
||||
* Defaults are expected to have been set during construction.
|
||||
*/
|
||||
static rsRetVal
|
||||
SetCnfParam(void *pT, struct nvlst *lst)
|
||||
{
|
||||
char *ag_uri = NULL, *ag_loginid = NULL, *ag_key = NULL;
|
||||
lmsig_ksi_t *pThis = (lmsig_ksi_t*) pT;
|
||||
int i;
|
||||
uchar *cstr;
|
||||
struct cnfparamvals *pvals;
|
||||
DEFiRet;
|
||||
pvals = nvlstGetParams(lst, &pblk, NULL);
|
||||
if(pvals == NULL) {
|
||||
ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS);
|
||||
}
|
||||
if(Debug) {
|
||||
dbgprintf("sig param blk in lmsig_ksi:\n");
|
||||
cnfparamsPrint(&pblk, pvals);
|
||||
}
|
||||
|
||||
for(i = 0 ; i < pblk.nParams ; ++i) {
|
||||
if(!pvals[i].bUsed)
|
||||
continue;
|
||||
if(!strcmp(pblk.descr[i].name, "sig.hashfunction")) {
|
||||
cstr = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
|
||||
if(rsksiSetHashFunction(pThis->ctx, (char*)cstr) == 2) {
|
||||
errmsg.LogError(0, RS_RET_ERR, "Hash function "
|
||||
"'%s' has been removed due to insecurity - "
|
||||
"using default", cstr);
|
||||
} else if(rsksiSetHashFunction(pThis->ctx, (char*)cstr) != 0) {
|
||||
errmsg.LogError(0, RS_RET_ERR, "Hash function "
|
||||
"'%s' unknown - using default", cstr);
|
||||
}
|
||||
free(cstr);
|
||||
} else if(!strcmp(pblk.descr[i].name, "sig.aggregator.uri")) {
|
||||
ag_uri = es_str2cstr(pvals[i].val.d.estr, NULL);
|
||||
} else if(!strcmp(pblk.descr[i].name, "sig.aggregator.user")) {
|
||||
ag_loginid = es_str2cstr(pvals[i].val.d.estr, NULL);
|
||||
} else if(!strcmp(pblk.descr[i].name, "sig.aggregator.key")) {
|
||||
ag_key = es_str2cstr(pvals[i].val.d.estr, NULL);
|
||||
} else if(!strcmp(pblk.descr[i].name, "sig.block.sizelimit")) {
|
||||
rsksiSetBlockSizeLimit(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if(!strcmp(pblk.descr[i].name, "sig.keeprecordhashes")) {
|
||||
rsksiSetKeepRecordHashes(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if(!strcmp(pblk.descr[i].name, "sig.keeptreehashes")) {
|
||||
rsksiSetKeepTreeHashes(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "dirowner")) {
|
||||
rsksiSetDirUID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "dirownernum")) {
|
||||
rsksiSetDirUID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "dirgroup")) {
|
||||
rsksiSetDirGID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "dirgroupnum")) {
|
||||
rsksiSetDirGID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "fileowner")) {
|
||||
rsksiSetFileUID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "fileownernum")) {
|
||||
rsksiSetFileUID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "filegroup")) {
|
||||
rsksiSetFileGID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "filegroupnum")) {
|
||||
rsksiSetFileGID(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "dircreatemode")) {
|
||||
rsksiSetDirCreateMode(pThis->ctx, pvals[i].val.d.n);
|
||||
} else if (!strcmp(pblk.descr[i].name, "filecreatemode")) {
|
||||
rsksiSetCreateMode(pThis->ctx, pvals[i].val.d.n);
|
||||
} else {
|
||||
DBGPRINTF("lmsig_ksi: program error, non-handled "
|
||||
"param '%s'\n", pblk.descr[i].name);
|
||||
}
|
||||
}
|
||||
|
||||
if(rsksiSetAggregator(pThis->ctx, ag_uri, ag_loginid, ag_key) != KSI_OK)
|
||||
ABORT_FINALIZE(RS_RET_KSI_ERR);
|
||||
|
||||
free(ag_uri);
|
||||
free(ag_loginid);
|
||||
free(ag_key);
|
||||
finalize_it:
|
||||
if(pvals != NULL)
|
||||
cnfparamvalsDestruct(pvals, &pblk);
|
||||
RETiRet;
|
||||
}
|
||||
|
||||
|
||||
static rsRetVal
|
||||
OnFileOpen(void *pT, uchar *fn, void *pGF)
|
||||
{
|
||||
lmsig_ksi_t *pThis = (lmsig_ksi_t*) pT;
|
||||
ksifile *pgf = (ksifile*) pGF;
|
||||
DEFiRet;
|
||||
DBGPRINTF("lmsig_ksi: onFileOpen: %s\n", fn);
|
||||
/* note: if *pgf is set to NULL, this auto-disables GT functions */
|
||||
*pgf = rsksiCtxOpenFile(pThis->ctx, fn);
|
||||
sigblkInitKSI(*pgf);
|
||||
RETiRet;
|
||||
}
|
||||
|
||||
/* Note: we assume that the record is terminated by a \n.
|
||||
* As of the GuardTime paper, \n is not part of the signed
|
||||
* message, so we subtract one from the record size. This
|
||||
* may cause issues with non-standard formats, but let's
|
||||
* see how things evolve (the verifier will not work in
|
||||
* any case when the records are not \n delimited...).
|
||||
* rgerhards, 2013-03-17
|
||||
*/
|
||||
static rsRetVal
|
||||
OnRecordWrite(void *pF, uchar *rec, rs_size_t lenRec)
|
||||
{
|
||||
DEFiRet;
|
||||
DBGPRINTF("lmsig_ksi: onRecordWrite (%d): %s\n", lenRec-1, rec);
|
||||
sigblkAddRecordKSI(pF, rec, lenRec-1);
|
||||
|
||||
RETiRet;
|
||||
}
|
||||
|
||||
static rsRetVal
|
||||
OnFileClose(void *pF)
|
||||
{
|
||||
DEFiRet;
|
||||
DBGPRINTF("lmsig_ksi: onFileClose\n");
|
||||
rsksifileDestruct(pF);
|
||||
|
||||
RETiRet;
|
||||
}
|
||||
|
||||
BEGINobjQueryInterface(lmsig_ksi)
|
||||
CODESTARTobjQueryInterface(lmsig_ksi)
|
||||
if(pIf->ifVersion != sigprovCURR_IF_VERSION) {/* check for current version, increment on each change */
|
||||
ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
|
||||
}
|
||||
pIf->Construct = (rsRetVal(*)(void*)) lmsig_ksiConstruct;
|
||||
pIf->SetCnfParam = SetCnfParam;
|
||||
pIf->Destruct = (rsRetVal(*)(void*)) lmsig_ksiDestruct;
|
||||
pIf->OnFileOpen = OnFileOpen;
|
||||
pIf->OnRecordWrite = OnRecordWrite;
|
||||
pIf->OnFileClose = OnFileClose;
|
||||
finalize_it:
|
||||
ENDobjQueryInterface(lmsig_ksi)
|
||||
|
||||
|
||||
BEGINObjClassExit(lmsig_ksi, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
|
||||
CODESTARTObjClassExit(lmsig_ksi)
|
||||
/* release objects we no longer need */
|
||||
objRelease(errmsg, CORE_COMPONENT);
|
||||
objRelease(glbl, CORE_COMPONENT);
|
||||
ENDObjClassExit(lmsig_ksi)
|
||||
|
||||
|
||||
BEGINObjClassInit(lmsig_ksi, 1, OBJ_IS_LOADABLE_MODULE) /* class, version */
|
||||
/* request objects we use */
|
||||
CHKiRet(objUse(errmsg, CORE_COMPONENT));
|
||||
CHKiRet(objUse(glbl, CORE_COMPONENT));
|
||||
ENDObjClassInit(lmsig_ksi)
|
||||
|
||||
|
||||
/* --------------- here now comes the plumbing that makes as a library module --------------- */
|
||||
|
||||
|
||||
BEGINmodExit
|
||||
CODESTARTmodExit
|
||||
lmsig_ksiClassExit();
|
||||
ENDmodExit
|
||||
|
||||
|
||||
BEGINqueryEtryPt
|
||||
CODESTARTqueryEtryPt
|
||||
CODEqueryEtryPt_STD_LIB_QUERIES
|
||||
ENDqueryEtryPt
|
||||
|
||||
|
||||
BEGINmodInit()
|
||||
CODESTARTmodInit
|
||||
*ipIFVersProvided = CURR_MOD_IF_VERSION;
|
||||
CHKiRet(lmsig_ksiClassInit(pModInfo));
|
||||
ENDmodInit
|
||||
@ -1,41 +0,0 @@
|
||||
/* An implementation of the sigprov interface for KSI.
|
||||
*
|
||||
* Copyright 2013-2015 Adiscon GmbH.
|
||||
*
|
||||
* This file is part of the rsyslog runtime library.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* -or-
|
||||
* see COPYING.ASL20 in the source distribution
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef INCLUDED_LMSIG_KSI_H
|
||||
#define INCLUDED_LMSIG_KSI_H
|
||||
#include "sigprov.h"
|
||||
#include "librsgt_common.h"
|
||||
#include "librsksi.h"
|
||||
|
||||
/* interface is defined in sigprov.h, we just implement it! */
|
||||
#define lmsig_ksiCURR_IF_VERSION sigprovCURR_IF_VERSION
|
||||
typedef sigprov_if_t lmsig_ksi_if_t;
|
||||
|
||||
/* the lmsig_ksi object */
|
||||
struct lmsig_ksi_s {
|
||||
BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */
|
||||
rsksictx ctx; /* librsksi context - contains all we need */
|
||||
};
|
||||
typedef struct lmsig_ksi_s lmsig_ksi_t;
|
||||
|
||||
/* prototypes */
|
||||
PROTOTYPEObj(lmsig_ksi);
|
||||
|
||||
#endif /* #ifndef INCLUDED_LMSIG_KSI_H */
|
||||
@ -278,25 +278,6 @@ TESTS += \
|
||||
fac_local0-vg.sh
|
||||
endif # HAVE_VALGRIND
|
||||
|
||||
if ENABLE_USERTOOLS
|
||||
if ENABLE_GT_KSI
|
||||
TESTS += \
|
||||
ksi-verify-short.sh \
|
||||
ksi-verify-long.sh \
|
||||
ksi-verify-cnstr-short.sh \
|
||||
ksi-verify-cnstr-long.sh \
|
||||
ksi-extract-verify-short.sh \
|
||||
ksi-extract-verify-long.sh
|
||||
if HAVE_VALGRIND
|
||||
TESTS += \
|
||||
ksi-verify-short-vg.sh \
|
||||
ksi-verify-long-vg.sh \
|
||||
ksi-extract-verify-short-vg.sh \
|
||||
ksi-extract-verify-long-vg.sh
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
if ENABLE_OMJOURNAL
|
||||
TESTS += \
|
||||
omjournal-abort-template.sh \
|
||||
@ -1527,18 +1508,6 @@ EXTRA_DIST= \
|
||||
json_var_case.sh \
|
||||
testsuites/json_var_case.conf \
|
||||
cfg.sh \
|
||||
testsuites/ksi-sample.log \
|
||||
testsuites/ksi-sample.log.ksisig \
|
||||
ksi-verify-short.sh \
|
||||
ksi-verify-long.sh \
|
||||
ksi-extract-verify-short.sh \
|
||||
ksi-extract-verify-long.sh \
|
||||
ksi-verify-cnstr-short.sh \
|
||||
ksi-verify-cnstr-long.sh \
|
||||
ksi-verify-short-vg.sh \
|
||||
ksi-verify-long-vg.sh \
|
||||
ksi-extract-verify-short-vg.sh \
|
||||
ksi-extract-verify-long-vg.sh \
|
||||
empty-prop-comparison.sh \
|
||||
sndrcv_tls_anon_rebind.sh \
|
||||
testsuites/sndrcv_tls_anon_rebind_sender.conf \
|
||||
|
||||
@ -1,47 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Extract lines from sample logdata and verifies against public
|
||||
# ksi verification repository. Test uses valgrind.
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="--show-verified"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo "[ksi-extract-verify-long-vg.sh]: testing rsgtutil extract with valgrind - long options"
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil extract command"
|
||||
valgrind $RS_TESTBENCH_VALGRIND_EXTRA_OPTS --log-fd=1 --error-exitcode=10 --malloc-fill=ff --free-fill=fe --leak-check=full ../tools/rsgtutil $RSYSLOG_KSI_DEBUG --extract 4,8,21 --output $srcdir/ksi-export.log --publications-server $RSYSLOG_KSI_BIN $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-long-vg.sh]: rsgtutil extract failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-long-vg.sh]: rsgtutil extract failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "running rsgtutil verify command"
|
||||
valgrind $RS_TESTBENCH_VALGRIND_EXTRA_OPTS --log-fd=1 --error-exitcode=10 --malloc-fill=ff --free-fill=fe --leak-check=full ../tools/rsgtutil $RSYSLOG_KSI_DEBUG --verify --publications-server http://verify.guardtime.com/ksi-publications.bin $srcdir/ksi-export.log
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-long-vg.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-long-vg.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f $srcdir/ksi-export.*
|
||||
|
||||
echo SUCCESS: rsgtutil extract with valgrind - long options
|
||||
@ -1,47 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Extract lines from sample logdata and verifies against public
|
||||
# ksi verification repository.
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="--show-verified"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo "[ksi-extract-verify-long.sh]: testing rsgtutil extract function - long options"
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil extract command"
|
||||
../tools/rsgtutil $RSYSLOG_KSI_DEBUG --extract 4,8,21 --output $srcdir/ksi-export.log --publications-server http://verify.guardtime.com/ksi-publications.bin $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-long.sh]: rsgtutil extract failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-long.sh]: rsgtutil extract failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "running rsgtutil verify command"
|
||||
../tools/rsgtutil $RSYSLOG_KSI_DEBUG --verify --publications-server http://verify.guardtime.com/ksi-publications.bin $srcdir/ksi-export.log
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-long.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-long.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f $srcdir/ksi-export.*
|
||||
|
||||
echo SUCCESS: rsgtutil extract function - long options
|
||||
@ -1,47 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Extract lines from sample logdata and verifies against public
|
||||
# ksi verification repository. Test uses valgrind.
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="-s"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo "[ksi-extract-verify-short-vg.sh]: testing rsgtutil extract with valgrind - short options"
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil extract command"
|
||||
valgrind $RS_TESTBENCH_VALGRIND_EXTRA_OPTS --log-fd=1 --error-exitcode=10 --malloc-fill=ff --free-fill=fe --leak-check=full ../tools/rsgtutil $RSYSLOG_KSI_DEBUG -x 4,8,21 -o $srcdir/ksi-export.log -P http://verify.guardtime.com/ksi-publications.bin $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-short-vg.sh]: rsgtutil extract failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-short-vg.sh]: rsgtutil extract failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "running rsgtutil verify command"
|
||||
valgrind $RS_TESTBENCH_VALGRIND_EXTRA_OPTS --log-fd=1 --error-exitcode=10 --malloc-fill=ff --free-fill=fe --leak-check=full ../tools/rsgtutil $RSYSLOG_KSI_DEBUG -t -P http://verify.guardtime.com/ksi-publications.bin $srcdir/ksi-export.log
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-short-vg.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-short-vg.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f $srcdir/ksi-export.*
|
||||
|
||||
echo SUCCESS: rsgtutil extract with valgrind - short options
|
||||
@ -1,51 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Extract lines from sample logdata and verifies against public
|
||||
# ksi verification repository.
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="-s"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo "[ksi-extract-verify-short.sh]: testing rsgtutil extract function - short options"
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil extract command"
|
||||
../tools/rsgtutil $RSYSLOG_KSI_DEBUG -x 4,8,21 -o $srcdir/ksi-export.log -P http://verify.guardtime.com/ksi-publications.bin $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-short.sh]: rsgtutil extract failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-short.sh]: rsgtutil extract failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then
|
||||
echo "[.sh]: rsgtutil extract failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
echo "running rsgtutil verify command"../tools/rsgtutil -t -P http://verify.guardtime.com/ksi-publications.bin $srcdir/ksi-export.log
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-extract-verify-short.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-extract-verify-short.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f $srcdir/ksi-export.*
|
||||
|
||||
echo SUCCESS: rsgtutil extract function - short options
|
||||
@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Verifies sample logdata against public ksi verification repository.
|
||||
# Adds --cnstr parameter
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="--show-verified"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo \[ksi-verify-cnstr-long.sh\]: testing rsgtutil verify function \(With cnstr param\) - long options
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil command with long options"
|
||||
../tools/rsgtutil $RSYSLOG_KSI_DEBUG --verify --publications-server $RSYSLOG_KSI_BIN --cnstr KSI_CERT_EMAIL=publications@guardtime.com $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-verify-cnstr-long.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-verify-cnstr-long.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f rsgtutil.out*.log
|
||||
|
||||
echo SUCCESS: rsgtutil verify function \(With cnstr param\) - long options
|
||||
@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Verifies sample logdata against public ksi verification repository.
|
||||
# Adds -C parameter
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="-s"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo \[ksi-verify-cnstr-short.sh\]: testing rsgtutil verify function \(With cnstr param\) - short options
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil command with short options"
|
||||
../tools/rsgtutil $RSYSLOG_KSI_DEBUG -t -P $RSYSLOG_KSI_BIN -C KSI_CERT_EMAIL=publications@guardtime.com $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-verify-cnstr-short.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-verify-cnstr-short.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f rsgtutil.out*.log
|
||||
|
||||
echo SUCCESS: rsgtutil verify function \(With cnstr param\) - short options
|
||||
@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Verifies sample logdata against public ksi verification repository.
|
||||
# Test uses valgrind.
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="--show-verified"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo \[ksi-verify-long-vg.sh\]: testing rsgtutil verify with valgrind - long options
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil command with long options"
|
||||
valgrind $RS_TESTBENCH_VALGRIND_EXTRA_OPTS --log-fd=1 --error-exitcode=10 --malloc-fill=ff --free-fill=fe --leak-check=full ../tools/rsgtutil $RSYSLOG_KSI_DEBUG --verify --publications-server $RSYSLOG_KSI_BIN $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-verify-long-vg.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-verify-long-vg.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f rsgtutil.out*.log
|
||||
|
||||
echo SUCCESS: rsgtutil verify function with valgrind- long options
|
||||
@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
# rsgtutil utility test
|
||||
# Verifies sample logdata against public ksi verification repository.
|
||||
# Test uses valgrind.
|
||||
#
|
||||
# This file is part of the rsyslog project, released under ASL 2.0
|
||||
#
|
||||
# Copyright 2016 Rainer Gerhards and Adiscon GmbH.
|
||||
RSYSLOG_KSI_BIN="http://verify.guardtime.com/ksi-publications.bin"
|
||||
RSYSLOG_KSI_DEBUG="-s"
|
||||
RSYSLOG_KSI_LOG="ksi-sample.log"
|
||||
|
||||
echo \[ksi-verify-short-vg.sh\]: testing rsgtutil verify with valgrind - short options
|
||||
. $srcdir/diag.sh init
|
||||
|
||||
echo "running rsgtutil command with short options"
|
||||
valgrind $RS_TESTBENCH_VALGRIND_EXTRA_OPTS --log-fd=1 --error-exitcode=10 --malloc-fill=ff --free-fill=fe --leak-check=full ../tools/rsgtutil $RSYSLOG_KSI_DEBUG -t -s -P $RSYSLOG_KSI_BIN $srcdir/testsuites/$RSYSLOG_KSI_LOG
|
||||
|
||||
RSYSLOGD_EXIT=$?
|
||||
if [ "$RSYSLOGD_EXIT" -ne "0" ]; then # EX_OK
|
||||
if [ "$RSYSLOGD_EXIT" -eq "69" ]; then # EX_UNAVAILABLE
|
||||
echo "[ksi-verify-short-vg.sh]: rsgtutil verify failed with service unavailable (does not generate an error)"
|
||||
exit 77;
|
||||
else
|
||||
echo "[ksi-verify-short-vg.sh]: rsgtutil verify failed with error: " $RSYSLOGD_EXIT
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Cleanup temp files
|
||||
rm -f rsgtutil.out*.log
|
||||
|
||||
echo SUCCESS: rsgtutil verify function with valgrind - short options
|
||||
@ -96,25 +96,7 @@ man1_MANS += rsgtutil.1
|
||||
CLEANFILES += rsgtutil.1
|
||||
EXTRA_DIST+= rsgtutil.1
|
||||
endif
|
||||
if ENABLE_GT_KSI
|
||||
rsgtutil_CPPFLAGS += $(GT_KSI_CFLAGS) -DENABLEKSI
|
||||
rsgtutil_LDADD += ../runtime/librsksi.la $(GT_KSI_LIBS)
|
||||
endif
|
||||
else
|
||||
if ENABLE_GT_KSI
|
||||
bin_PROGRAMS += rsgtutil
|
||||
rsgtutil = rsgtutil.c
|
||||
rsgtutil_CPPFLAGS = $(RSRT_CFLAGS) $(GT_KSI_CFLAGS) -DENABLEKSI
|
||||
rsgtutil_LDADD = ../runtime/librsksi.la $(GT_KSI_LIBS)
|
||||
if ENABLE_GENERATE_MAN_PAGES
|
||||
RSTMANFILE = rsgtutil.rst
|
||||
rsgtutil.1: $(RSTMANFILE)
|
||||
$(AM_V_GEN) $(RST2MAN) $(RSTMANFILE) $@
|
||||
man1_MANS += rsgtutil.1
|
||||
CLEANFILES += rsgtutil.1
|
||||
EXTRA_DIST+= rsgtutil.1
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
if ENABLE_LIBGCRYPT
|
||||
bin_PROGRAMS += rscryutil
|
||||
|
||||