GT: Implemented format conversion function into rsgtutil

Using a new command switch -c, old V10 signature files can be converted into V11. closes https://github.com/rsyslog/rsyslog/issues/364
2026-06-20 12:12:56 +02:00 · 2015-06-26 02:21:31 -07:00 · 2015-06-26 02:21:31 -07:00 · 6ec2d564dd
commit 6ec2d564dd
parent c6b96455cf
8 changed files with 527 additions and 27 deletions
--- a/runtime/librsgt.c
+++ b/runtime/librsgt.c
@ -60,6 +60,8 @@ typedef unsigned char uchar;
 #define VERSION "no-version"
 #endif
 int RSGT_FLAG_TLV16_RUNTIME = RSGT_FLAG_TLV16;
 int RSGT_FLAG_NONCRIT_RUNTIME = RSGT_FLAG_NONCRIT; 
 static void
 reportErr(gtctx ctx, char *errmsg)
@ -282,26 +284,26 @@ done:	return r;
 }
-int
+static int
 tlv8Write(gtfile gf, int flags, int tlvtype, int len)
 {
 	int r;
 	assert((flags & RSGT_TYPE_MASK) == 0);
 	assert((tlvtype & RSGT_TYPE_MASK) == tlvtype);
-	r = tlvbufAddOctet(gf, (flags & ~RSGT_FLAG_TLV16) | tlvtype);
+	r = tlvbufAddOctet(gf, (flags & ~RSGT_FLAG_TLV16_RUNTIME) | tlvtype);
 	if(r != 0) goto done;
 	r = tlvbufAddOctet(gf, len & 0xff);
 done:	return r;
 } 
-int
+static int
 tlv16Write(gtfile gf, int flags, int tlvtype, uint16_t len)
 {
 	uint16_t typ;
 	int r;
 	assert((flags & RSGT_TYPE_MASK) == 0);
 	assert((tlvtype >> 8 & RSGT_TYPE_MASK) == (tlvtype >> 8));
-	typ = ((flags | RSGT_FLAG_TLV16) << 8) | tlvtype;
+	typ = ((flags | RSGT_FLAG_TLV16_RUNTIME) << 8) | tlvtype;
 	r = tlvbufAddOctet(gf, typ >> 8);
 	if(r != 0) goto done;
 	r = tlvbufAddOctet(gf, typ & 0xff);
--- a/runtime/librsgt.h
+++ b/runtime/librsgt.h
@ -342,6 +342,14 @@ void rsgt_errctxFrstRecInBlk(gterrctx_t *ectx, char *rec);
 void rsgt_objfree(uint16_t tlvtype, void *obj);
 void rsgt_set_debug(int iDebug); 
 int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose); 
 // int tlvbufAddOctet(gtfile gf, int8_t octet); 
 // int tlvbufAddOctetString(gtfile gf, uint8_t *octet, int size); 
 // int tlvbufAddInt64(gtfile gf, uint64_t val); 
 // uint8_t tlvbufGetInt64OctetSize(uint64_t val); 
 // int tlvbufPhysWrite(gtfile gf); 
 /* TODO: replace these? */
 int hash_m(gtfile gf, GTDataHash **m);
@ -349,5 +357,7 @@ int hash_r(gtfile gf, GTDataHash **r, const unsigned char *rec, const size_t len
 int hash_node(gtfile gf, GTDataHash **node, GTDataHash *m, GTDataHash *r, uint8_t level);
 extern char *rsgt_read_puburl; /**< url of publication server */
 extern uint8_t rsgt_read_showVerified;
 extern int RSGT_FLAG_TLV16_RUNTIME;
 extern int RSGT_FLAG_NONCRIT_RUNTIME; 
 #endif  /* #ifndef INCLUDED_LIBRSGT_H */
--- a/runtime/librsgt_common.h
+++ b/runtime/librsgt_common.h
@ -82,7 +82,7 @@ sigTypeName(uint8_t sigID)
 /* Flags and record types for TLV handling */
 #define RSGT_FLAG_NONCRIT 0x20
 #define RSGT_FLAG_FORWARD 0x40
 #define RSGT_FLAG_TLV16 0x80
 #define RSGT_TYPE_MASK 0x1f
 #define RSGT_FLAG_TLV16 0x80
 #endif  /* #ifndef INCLUDED_LIBRSGTCM_H */
--- a/runtime/librsgt_read.c
+++ b/runtime/librsgt_read.c
@ -64,6 +64,12 @@ uint8_t rsgt_read_showVerified = 0;
 /* check return state of operation and abort, if non-OK */
 #define CHKr(code) if((r = code) != 0) goto done
 static void
 errfunc(__attribute__((unused)) void *usrptr, uchar *emsg)
 {
 	if (rsgt_read_debug)
 		printf("Internal Error: %s \n", emsg);
 }
 /* if verbose==0, only the first and last two octets are shown,
 * otherwise everything.
@ -201,6 +207,110 @@ reportVerifySuccess(gterrctx_t *ectx, GTVerificationInfo *vrfyInf)
 	}
 }
 /* return the actual length in to-be-written octets of an integer */
 static inline uint8_t
 rsgt_tlvGetInt64OctetSize(uint64_t val)
 {
 	if(val >> 56)
 		return 8;
 	if((val >> 48) & 0xff)
 		return 7;
 	if((val >> 40) & 0xff)
 		return 6;
 	if((val >> 32) & 0xff)
 		return 5;
 	if((val >> 24) & 0xff)
 		return 4;
 	if((val >> 16) & 0xff)
 		return 3;
 	if((val >> 8) & 0xff)
 		return 2;
 	return 1;
 }
 static inline int rsgt_tlvfileAddOctet(FILE *newsigfp, int8_t octet)
 {
 	/* Directory write into file */
 	int r = 0;
 	if ( fputc(octet, newsigfp) == EOF ) 
 		r = RSGTE_IO; 
 done:	return r;
 }
 static inline int rsgt_tlvfileAddOctetString(FILE *newsigfp, uint8_t *octet, int size)
 {
 	int i, r = 0;
 	for(i = 0 ; i < size ; ++i) {
 		r = rsgt_tlvfileAddOctet(newsigfp, octet[i]);
 		if(r != 0) goto done;
 	}
 done:	return r;
 }
 static inline int rsgt_tlvfileAddInt64(FILE *newsigfp, uint64_t val)
 {
 	uint8_t doWrite = 0;
 	int r;
 	if(val >> 56) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >> 56) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	if(doWrite || ((val >> 48) & 0xff)) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >> 48) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	if(doWrite || ((val >> 40) & 0xff)) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >> 40) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	if(doWrite || ((val >> 32) & 0xff)) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >> 32) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	if(doWrite || ((val >> 24) & 0xff)) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >> 24) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	if(doWrite || ((val >> 16) & 0xff)) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >> 16) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	if(doWrite || ((val >> 8) & 0xff)) {
 		r = rsgt_tlvfileAddOctet(newsigfp, (val >>  8) & 0xff), doWrite = 1;
 		if(r != 0) goto done;
 	}
 	r = rsgt_tlvfileAddOctet(newsigfp, val & 0xff);
 done:	return r;
 }
 static int
 rsgt_tlv8Write(FILE *newsigfp, int flags, int tlvtype, int len)
 {
 	int r;
 	assert((flags & RSGT_TYPE_MASK) == 0);
 	assert((tlvtype & RSGT_TYPE_MASK) == tlvtype);
 	r = rsgt_tlvfileAddOctet(newsigfp, (flags & ~RSGT_FLAG_TLV16_RUNTIME) | tlvtype);
 	if(r != 0) goto done;
 	r = rsgt_tlvfileAddOctet(newsigfp, len & 0xff);
 done:	return r;
 } 
 static int
 rsgt_tlv16Write(FILE *newsigfp, int flags, int tlvtype, uint16_t len)
 {
 	uint16_t typ;
 	int r;
 	assert((flags & RSGT_TYPE_MASK) == 0);
 	assert((tlvtype >> 8 & RSGT_TYPE_MASK) == (tlvtype >> 8));
 	typ = ((flags | RSGT_FLAG_TLV16_RUNTIME) << 8) | tlvtype;
 	r = rsgt_tlvfileAddOctet(newsigfp, typ >> 8);
 	if(r != 0) goto done;
 	r = rsgt_tlvfileAddOctet(newsigfp, typ & 0xff);
 	if(r != 0) goto done;
 	r = rsgt_tlvfileAddOctet(newsigfp, (len >> 8) & 0xff);
 	if(r != 0) goto done;
 	r = rsgt_tlvfileAddOctet(newsigfp, len & 0xff);
 done:	return r;
 } 
 /**
 * Write the provided record to the current file position.
 *
@ -250,7 +360,9 @@ rsgt_tlvRecRead(FILE *fp, tlvrecord_t *rec)
 	NEXTC;
 	rec->hdr[0] = c;
 	rec->tlvtype = c & 0x1f;
-	if(c & RSGT_FLAG_TLV16) { /* tlv16? */
+	if(c & RSGT_FLAG_TLV16_RUNTIME) { /* tlv16? */
 		if(rsgt_read_debug)
 			printf("debug: TL168 %d\n", c); 
 		rec->lenHdr = 4;
 		NEXTC;
 		rec->hdr[1] = c;
@ -262,21 +374,26 @@ rsgt_tlvRecRead(FILE *fp, tlvrecord_t *rec)
 		rec->hdr[3] = c;
 		rec->tlvlen |= c;
 	} else {
 		if(rsgt_read_debug)
 			printf("debug: TLV8 %d\n", c); 
 		NEXTC;
 		rec->lenHdr = 2;
 		rec->hdr[1] = c;
 		rec->tlvlen = c;
 	}
 	if(fread(rec->data, (size_t) rec->tlvlen, 1, fp) != 1) {
 		if(rsgt_read_debug)
 			printf("debug: rec->tlvlen %d\n", rec->tlvlen); 
 		r = feof(fp) ? RSGTE_EOF : RSGTE_IO;
 		goto done;
 	}
 	if(rsgt_read_debug)
 		printf("debug: rsgt_tlvRecRead tlvtype %4.4x, len %u\n", (unsigned) rec->tlvtype,
 			(unsigned) rec->tlvlen);
 	r = 0;
-done:	return r;
+done:	
 	if(rsgt_read_debug)
 		printf("debug: rsgt_tlvRecRead tlvtype %4.4x, len %u, r = %d\n", (unsigned) rec->tlvtype,
 			(unsigned) rec->tlvlen, r);
 	return r;
 }
 /* decode a sub-tlv record from an existing record's memory buffer
@ -291,7 +408,7 @@ rsgt_tlvDecodeSUBREC(tlvrecord_t *rec, uint16_t *stridx, tlvrecord_t *newrec)
 	c = rec->data[(*stridx)++];
 	newrec->hdr[0] = c;
 	newrec->tlvtype = c & 0x1f;
-	if(c & RSGT_FLAG_TLV16) { /* tlv16? */
+	if(c & RSGT_FLAG_TLV16_RUNTIME) { /* tlv16? */
 		newrec->lenHdr = 4;
 		if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
 		c = rec->data[(*stridx)++];
@ -447,7 +564,10 @@ rsgt_tlvDecodeSIG(tlvrecord_t *rec, uint16_t *strtidx, block_sig_t *bs)
 	if((bs->sig.der.data = (uint8_t*)malloc(bs->sig.der.len)) == NULL) {r=RSGTE_OOM;goto done;}
 	memcpy(bs->sig.der.data, subrec.data, bs->sig.der.len);
 	r = 0;
-done:	return r;
+done:	
 	if(rsgt_read_debug)
 		printf("debug: rsgt_tlvDecodeSIG returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
 	return r;
 }
 static int
@ -847,6 +967,8 @@ rsgt_chkFileHdr(FILE *fp, char *expect)
 	char hdr[9];
 	if((r = rsgt_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto done;
 	if (rsgt_read_debug)
 		printf("debug: rsgt_chkFileHdr header returned %s\n", hdr);
 	if(strcmp(hdr, expect))
 		r = RSGTE_INVLHDR;
 	else
@ -1097,7 +1219,7 @@ rsgt_extendSig(GTTimestamp *timestamp, tlvrecord_t *rec, gterrctx_t *ectx)
 	COPY_SUBREC_TO_NEWREC
 	if ((r = rsgt_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
 	/* actual sig! */
-	newrec.data[iWr++] = 0x09 | RSGT_FLAG_TLV16;
+	newrec.data[iWr++] = 0x09 | RSGT_FLAG_TLV16_RUNTIME;
 	newrec.data[iWr++] = 0x06;
 	newrec.data[iWr++] = (lenDer >> 8) & 0xff;
 	newrec.data[iWr++] = lenDer & 0xff;
@ -1202,3 +1324,214 @@ void rsgt_set_debug(int iDebug)
 {
 	rsgt_read_debug = iDebug; 
 }
 /* Helper function to convert an old V10 signature file into V11 */
 int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
 {
 	int r = 0, rRead = 0;
 	imprint_t *imp = NULL;
 	tlvrecord_t rec;
 	tlvrecord_t subrec;
 	/* For signature convert*/
 	int i;
 	uint16_t strtidx = 0; 
 	block_hdr_t *bh = NULL;
 	block_sig_t *bs = NULL;
 	uint16_t typconv;
 	unsigned tlvlen;
 	uint8_t tlvlenRecords;
 	/* Temporary change flags back to old default */
 	RSGT_FLAG_TLV16_RUNTIME = 0x20; 
 	/* Start reading Sigblocks from old FILE */
 	while(1) { /* we will err out on EOF */
 		rRead = rsgt_tlvRecRead(oldsigfp, &rec); 
 		if(rRead == 0 /*|| rRead == RSGTE_EOF*/) {
 			switch(rec.tlvtype) {
 				case 0x0900:
 				case 0x0901:
 					/* Convert tlvrecord Header */
 					if (rec.tlvtype == 0x0900) {
 						typconv = ((0x00 /*flags*/ | 0x80 /* NEW RSGT_FLAG_TLV16_RUNTIME*/) << 8) | 0x0902;
 						rec.hdr[0] = typconv >> 8; 
 						rec.hdr[1] = typconv & 0xff; 
 					} else if (rec.tlvtype == 0x0901) {
 						typconv = ((0x00 /*flags*/ | 0x80 /* NEW RSGT_FLAG_TLV16_RUNTIME*/) << 8) | 0x0903;
 						rec.hdr[0] = typconv >> 8; 
 						rec.hdr[1] = typconv & 0xff; 
 					}
 					/* Debug verification output */
 					r = rsgt_tlvDecodeIMPRINT(&rec, &imp);
 					if(r != 0) goto donedecode;
 					rsgt_printREC_HASH(stdout, imp, verbose);
 					/* Output into new FILE */
 					if((r = rsgt_tlvwrite(newsigfp, &rec)) != 0) goto done;
 					/* Free mem*/
 					free(imp->data);
 					free(imp);
 					break;
 				case 0x0902:
 					/* Split Data into HEADER and BLOCK */
 					strtidx = 0;
 					/* Create BH and BS*/
 					if((bh = calloc(1, sizeof(block_hdr_t))) == NULL) {
 						r = RSGTE_OOM;
 						goto donedecode;
 					}
 					if((bs = calloc(1, sizeof(block_sig_t))) == NULL) {
 						r = RSGTE_OOM;
 						goto donedecode;
 					}
 					/* Check OLD encoded HASH ALGO */
 					CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
 					if(!(subrec.tlvtype == 0x00 && subrec.tlvlen == 1)) {
 						r = RSGTE_FMT;
 						goto donedecode;
 					}
 					bh->hashID = subrec.data[0];
 					/* Check OLD encoded BLOCK_IV */
 					CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
 					if(!(subrec.tlvtype == 0x01)) {
 						r = RSGTE_INVLTYP;
 						goto donedecode;
 					}
 					if((bh->iv = (uint8_t*)malloc(subrec.tlvlen)) == NULL) {r=RSGTE_OOM;goto donedecode;}
 					memcpy(bh->iv, subrec.data, subrec.tlvlen);
 					/* Check OLD encoded LAST HASH */
 					CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
 					if(!(subrec.tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto donedecode; }
 					bh->lastHash.hashID = subrec.data[0];
 					if(subrec.tlvlen != 1 + hashOutputLengthOctets(bh->lastHash.hashID)) {
 						r = RSGTE_LEN;
 						goto donedecode;
 					}
 					bh->lastHash.len = subrec.tlvlen - 1;
 					if((bh->lastHash.data = (uint8_t*)malloc(bh->lastHash.len)) == NULL) {r=RSGTE_OOM;goto donedecode;}
 					memcpy(bh->lastHash.data, subrec.data+1, subrec.tlvlen-1);
 					/* Debug verification output */
 					rsgt_printBLOCK_HDR(stdout, bh, verbose);
 					/* Check OLD encoded COUNT */
 					CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
 					if(!(subrec.tlvtype == 0x03 && subrec.tlvlen <= 8)) { r = RSGTE_INVLTYP; goto donedecode; }
 					bs->recCount = 0;
 					for(i = 0 ; i < subrec.tlvlen ; ++i) {
 						bs->recCount = (bs->recCount << 8) + subrec.data[i];
 					}
 					/* Check OLD encoded SIG */
 					CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
 					if(!(subrec.tlvtype == 0x0906)) { r = RSGTE_INVLTYP; goto donedecode; }
 					bs->sig.der.len = subrec.tlvlen;
 					bs->sigID = SIGID_RFC3161;
 					if((bs->sig.der.data = (uint8_t*)malloc(bs->sig.der.len)) == NULL) {r=RSGTE_OOM;goto donedecode;}
 					memcpy(bs->sig.der.data, subrec.data, bs->sig.der.len);
 					r = 0;
 					/* Debug output */
 					rsgt_printBLOCK_SIG(stdout, bs, verbose);
 					if(strtidx != rec.tlvlen) {
 						r = RSGTE_LEN;
 						goto donedecode;
 					}
 					/* Set back to NEW default */
 					RSGT_FLAG_TLV16_RUNTIME = 0x80; 
 					/* Create Block Header */
 					tlvlen  = 2 + 1 /* hash algo TLV */ +
 						  2 + hashOutputLengthOctets(bh->hashID) /* iv */ +
 						  2 + 1 + bh->lastHash.len /* last hash */;
 					/* write top-level TLV object block-hdr */
 					r = rsgt_tlv16Write(newsigfp, 0x00, 0x0901, tlvlen);
 					/* and now write the children */
 					/* hash-algo */
 					r = rsgt_tlv8Write(newsigfp, 0x00, 0x01, 1);
 					if(r != 0) goto done;
 					r = rsgt_tlvfileAddOctet(newsigfp, hashIdentifier(bh->hashID));
 					if(r != 0) goto done;
 					/* block-iv */
 					r = rsgt_tlv8Write(newsigfp, 0x00, 0x02, hashOutputLengthOctets(bh->hashID));
 					if(r != 0) goto done;
 					r = rsgt_tlvfileAddOctetString(newsigfp, bh->iv, hashOutputLengthOctets(bh->hashID));
 					if(r != 0) goto done;
 					/* last-hash */
 					r = rsgt_tlv8Write(newsigfp, 0x00, 0x03, bh->lastHash.len + 1);
 					if(r != 0) goto done;
 					r = rsgt_tlvfileAddOctet(newsigfp, bh->lastHash.hashID);
 					if(r != 0) goto done;
 					r = rsgt_tlvfileAddOctetString(newsigfp, bh->lastHash.data, bh->lastHash.len);
 					if(r != 0) goto done;
 					/* Create Block Signature */
 					tlvlenRecords = rsgt_tlvGetInt64OctetSize(bs->recCount);
 					tlvlen  = 2 + tlvlenRecords /* rec-count */ +
 						  4 + bs->sig.der.len /* rfc-3161 */;
 					/* write top-level TLV object (block-sig */
 					r = rsgt_tlv16Write(newsigfp, 0x00, 0x0904, tlvlen);
 					if(r != 0) goto done;
 					/* and now write the children */
 					/* rec-count */
 					r = rsgt_tlv8Write(newsigfp, 0x00, 0x01, tlvlenRecords);
 					if(r != 0) goto done;
 					r = rsgt_tlvfileAddInt64(newsigfp, bs->recCount);
 					if(r != 0) goto done;
 					/* rfc-3161 */
 					r = rsgt_tlv16Write(newsigfp, 0x00, 0x906, bs->sig.der.len);
 					if(r != 0) goto done;
 					r = rsgt_tlvfileAddOctetString(newsigfp, bs->sig.der.data, bs->sig.der.len);
 					/* Set back to OLD default */
 					RSGT_FLAG_TLV16_RUNTIME = 0x20; 
 donedecode:
 					/* Free mem*/
 					if (bh != NULL) {
 						free(bh->iv);
 						free(bh->lastHash.data);
 						free(bh);
 						bh = NULL; 
 					}
 					if (bs != NULL) {
 						free(bs->sig.der.data);
 						free(bs);
 						bs = NULL; 
 					}
 					if(r != 0) goto done;
 					break;
 				default:
 					fprintf(stdout, "unknown tlv record %4.4x\n", rec.tlvtype);
 					break;
 			}
 		} else {
 			/*if(feof(oldsigfp))
 				break;
 			else*/
 			r = rRead; 
 			if(r == RSGTE_EOF) 
 				r = 0; /* Successfully finished file */
 			else if(rsgt_read_debug)
 				printf("debug: rsgt_ConvertSigFile failed to read with error %d\n", r);
 			goto done;
 		}
 		/* Abort further processing if EOF */
 		if (rRead == RSGTE_EOF)
 			goto done;
 	}
 done:
 	if(rsgt_read_debug)
 		printf("debug: rsgt_ConvertSigFile returned %d\n", r);
 	return r;
 }
--- a/runtime/librsksi.c
+++ b/runtime/librsksi.c
@ -59,6 +59,8 @@ typedef unsigned char uchar;
 #define VERSION "no-version"
 #endif
 int RSKSI_FLAG_TLV16_RUNTIME = RSGT_FLAG_TLV16;
 int RSKSI_FLAG_NONCRIT_RUNTIME = RSGT_FLAG_NONCRIT; 
 static void
 reportErr(rsksictx ctx, char *errmsg)
@ -298,7 +300,7 @@ tlv8WriteKSI(ksifile ksi, int flags, int tlvtype, int len)
 	int r;
 	assert((flags & RSGT_TYPE_MASK) == 0);
 	assert((tlvtype & RSGT_TYPE_MASK) == tlvtype);
-	r = tlvbufAddOctet(ksi, (flags & ~RSGT_FLAG_TLV16) | tlvtype);
+	r = tlvbufAddOctet(ksi, (flags & ~RSKSI_FLAG_TLV16_RUNTIME) | tlvtype);
 	if(r != 0) goto done;
 	r = tlvbufAddOctet(ksi, len & 0xff);
 done:	return r;
@ -311,7 +313,7 @@ tlv16WriteKSI(ksifile ksi, int flags, int tlvtype, uint16_t len)
 	int r;
 	assert((flags & RSGT_TYPE_MASK) == 0);
 	assert((tlvtype >> 8 & RSGT_TYPE_MASK) == (tlvtype >> 8));
-	typ = ((flags | RSGT_FLAG_TLV16) << 8) | tlvtype;
+	typ = ((flags | RSKSI_FLAG_TLV16_RUNTIME) << 8) | tlvtype;
 	r = tlvbufAddOctet(ksi, typ >> 8);
 	if(r != 0) goto done;
 	r = tlvbufAddOctet(ksi, typ & 0xff);
--- a/runtime/librsksi.h
+++ b/runtime/librsksi.h
@ -390,5 +390,7 @@ int hash_r_ksi(ksifile ksi, KSI_DataHash **r, const unsigned char *rec, const si
 int hash_node_ksi(ksifile ksi, KSI_DataHash **node, KSI_DataHash *m, KSI_DataHash *r, uint8_t level);
 extern char *rsksi_read_puburl; /**< url of publication server */
 extern uint8_t rsksi_read_showVerified;
 extern int RSKSI_FLAG_TLV16_RUNTIME;
 extern int RSKSI_FLAG_NONCRIT_RUNTIME; 
 #endif  /* #ifndef INCLUDED_LIBRSKSI_H */
--- a/runtime/librsksi_read.c
+++ b/runtime/librsksi_read.c
@ -266,7 +266,7 @@ rsksi_tlvRecRead(FILE *fp, tlvrecord_t *rec)
 	NEXTC;
 	rec->hdr[0] = c;
 	rec->tlvtype = c & 0x1f;
-	if(c & RSGT_FLAG_TLV16) { /* tlv16? */
+	if(c & RSKSI_FLAG_TLV16_RUNTIME) { /* tlv16? */
 		rec->lenHdr = 4;
 		NEXTC;
 		rec->hdr[1] = c;
@ -307,7 +307,7 @@ rsksi_tlvDecodeSUBREC(tlvrecord_t *rec, uint16_t *stridx, tlvrecord_t *newrec)
 	c = rec->data[(*stridx)++];
 	newrec->hdr[0] = c;
 	newrec->tlvtype = c & 0x1f;
-	if(c & RSGT_FLAG_TLV16) { /* tlv16? */
+	if(c & RSKSI_FLAG_TLV16_RUNTIME) { /* tlv16? */
 		newrec->lenHdr = 4;
 		if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;}
 		c = rec->data[(*stridx)++];
@ -1112,7 +1112,7 @@ rsksi_extendSig(KSI_Signature *sig, ksifile ksi, tlvrecord_t *rec, ksierrctx_t *
 	COPY_SUBREC_TO_NEWREC
 	if ((r = rsksi_tlvDecodeSUBREC(rec, &iRd, &subrec)) != 0) goto done;
 	/* actual sig! */
-	newrec.data[iWr++] = 0x09 | RSGT_FLAG_TLV16;
+	newrec.data[iWr++] = 0x09 | RSKSI_FLAG_TLV16_RUNTIME;
 	newrec.data[iWr++] = 0x06;
 	newrec.data[iWr++] = (lenDer >> 8) & 0xff;
 	newrec.data[iWr++] = lenDer & 0xff;
--- a/tools/rsgtutil.c
+++ b/tools/rsgtutil.c
@ -46,7 +46,7 @@
 typedef unsigned char uchar;
 static enum { MD_DUMP, MD_DETECT_FILE_TYPE, MD_SHOW_SIGBLK_PARAMS,
-              MD_VERIFY, MD_EXTEND
+              MD_VERIFY, MD_EXTEND, MD_CONVERT
 } mode = MD_DUMP;
 static enum { API_GT, API_KSI } apimode = API_GT;
 static int verbose = 0;
@ -57,7 +57,7 @@ static void
 dumpFile(char *name)
 {
 	FILE *fp;
-	uchar hdr[9];
+	char hdr[9];
 	void *obj;
 	tlvrecord_t rec;
 	int r = -1;
@ -71,8 +71,14 @@ dumpFile(char *name)
 			goto err;
 		}
 	}
-	if((r = rsgt_tlvrdHeader(fp, hdr)) != 0) goto err;
+	if((r = rsgt_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto err;
-	printf("File Header: '%s'\n", hdr);
+	if(!strcmp(hdr, "LOGSIG10"))
 		printf("File Header: Version 10 (deprecated) - conversion needed.\n");
 	else if(!strcmp(hdr, "LOGSIG11"))
 		printf("File Header: Version 11\n");
 	else
 		printf("File Header: '%s'\n", hdr);
 	while(1) { /* we will err out on EOF */
 		if((r = rsgt_tlvrd(fp, &rec, &obj)) != 0) {
 			if(feof(fp))
@ -87,7 +93,8 @@ dumpFile(char *name)
 	if(fp != stdin)
 		fclose(fp);
 	return;
-err:	fprintf(stderr, "error %d (%s) processing file %s\n", r, RSGTE2String(r), name);
+err:	
 	fprintf(stderr, "error %d (%s) processing file %s\n", r, RSGTE2String(r), name);
 }
 static void
@ -130,6 +137,97 @@ err:
 	if(r != RSGTE_EOF)
 		fprintf(stderr, "error %d (%s) processing file %s\n", r, RSGTE2String(r), name);
 }
 static void
 convertFile(char *name)
 {
 	FILE *oldsigfp = NULL, *newsigfp = NULL;
 	char hdr[9];
 	int r = -1;
 	char newsigfname[4096];
 	char oldsigfname[4096];
 	if(!strcmp(name, "-"))
 		oldsigfp = stdin;
 	else {
 		printf("Processing file %s:\n", name);
 		if((oldsigfp = fopen(name, "r")) == NULL) {
 			perror(name);
 			goto err;
 		}
 	}
 	if((r = rsgt_tlvrdHeader(oldsigfp, (uchar*)hdr)) != 0) goto err;
 	if(!strcmp(hdr, "LOGSIG10")) {
 		printf("Found Signature File with Version 10 - starting conversion.\n");
 		snprintf(newsigfname, sizeof(newsigfname), "%s.LOGSIG11", name);
 		snprintf(oldsigfname, sizeof(oldsigfname), "%s.LOGSIG10", name);
 		if((newsigfp = fopen(newsigfname, "w")) == NULL) {
 			perror(newsigfname);
 			r = RSGTE_IO;
 			goto err;
 		}
 		else {
 			/* Write FileHeader first */
 			if ( fwrite(LOGSIGHDR, sizeof(LOGSIGHDR)-1, 1, newsigfp) != 1) goto err;
 		}
 		if ((r = rsgt_ConvertSigFile(name, oldsigfp, newsigfp, verbose)) != 0)
 			goto err;
 		else {
 			/* Delete OLDFILE if there is one*/
 			if(unlink(oldsigfname) != 0) {
 				if(errno != ENOENT) {
 					perror("Error removing old file");
 					r = RSGTE_IO;
 					goto err;
 				}
 			}
 			/* Copy main sigfile to oldfile */
 			if(link(name, oldsigfname) != 0) {
 				perror("Error moving old file");
 				r = RSGTE_IO;
 				goto err;
 			}
 			/* Delete current sigfile*/
 			if(unlink(name) != 0) {
 				if(errno != ENOENT) {
 					perror("Error removing old file");
 					r = RSGTE_IO;
 					goto err;
 				}
 			}
 			/* Copy new sigfile to main sigfile */
 			if(link(newsigfname, name) != 0) {
 				perror("Error moving new file");
 				r = RSGTE_IO;
 				goto err;
 			}
 			/* Delete temporary new sigfile*/
 			if(unlink(newsigfname) != 0) {
 				if(errno != ENOENT) {
 					perror("Error removing new file");
 					r = RSGTE_IO;
 					goto err;
 				}
 			}
 			printf("File %s was converted to Version 11.\n", name);
 		}
 	}
 	else
 		printf("File does not need to be converted, File Header is: '%s'\n", hdr);
 	if(oldsigfp != stdin)
 		fclose(oldsigfp);
 	if (newsigfp != NULL)	
 		fclose(newsigfp); 
 	return;
 err:	
 	fprintf(stderr, "error %d (%s) converting file %s\n", r, RSGTE2String(r), name);
 }
 #endif
 #ifdef ENABLEKSI
@ -137,7 +235,7 @@ static void
 dumpFileKSI(char *name)
 {
 	FILE *fp;
-	uchar hdr[9];
+	char hdr[9];
 	void *obj;
 	tlvrecord_t rec;
 	int r = -1;
@ -151,8 +249,13 @@ dumpFileKSI(char *name)
 			goto err;
 		}
 	}
-	if((r = rsksi_tlvrdHeader(fp, hdr)) != 0) goto err;
+	if((r = rsksi_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto err;
-	printf("File Header: '%s'\n", hdr);
+	if(!strcmp(hdr, "LOGSIG10"))
 		printf("File Header: Version 10 (deprecated) - conversion needed.\n");
 	else if(!strcmp(hdr, "LOGSIG11"))
 		printf("File Header: Version 11\n");
 	else
 		printf("File Header: '%s'\n", hdr);
 	while(1) { /* we will err out on EOF */
 		if((r = rsksi_tlvrd(fp, &rec, &obj)) != 0) {
 			if(feof(fp))
@ -210,6 +313,38 @@ err:
 	if(r != RSGTE_EOF)
 		fprintf(stderr, "error %d (%s) processing file %s\n", r, RSKSIE2String(r), name);
 }
 static void
 convertFileKSI(char *name)
 {
 	FILE *fp;
 	char hdr[9];
 	int r = -1;
 	if(!strcmp(name, "-"))
 		fp = stdin;
 	else {
 		printf("Processing file %s:\n", name);
 		if((fp = fopen(name, "r")) == NULL) {
 			perror(name);
 			goto err;
 		}
 	}
 	if((r = rsksi_tlvrdHeader(fp, (uchar*)hdr)) != 0) goto err;
 	if(!strcmp(hdr, "LOGSIG10")) {
 		printf("Found Signature File with Version 10 - starting conversion.\n");
 		/* TODO CONVERT FILE!!!!! */
 	}
 	else
 		printf("File does not need to be converted, File Header is: '%s'\n", hdr);
 	if(fp != stdin)
 		fclose(fp);
 	return;
 err:	
 	fprintf(stderr, "error %d (%s) processing file %s\n", r, RSKSIE2String(r), name);
 }
 #endif
 #ifdef ENABLEGT
@ -312,6 +447,7 @@ verifyGT(char *name, char *errbuf, char *sigfname, char *oldsigfname, char *nsig
 			fprintf(stderr, "error %d in rsgt_chkFileHdr\n", r); 
 		goto done;
 	}
 	if(mode == MD_EXTEND) {
 		if(fwrite("LOGSIG11", 8, 1, nsigfp) != 1) {
 			perror(nsigfname);
@ -828,6 +964,16 @@ processFile(char *name)
 #ifdef ENABLEKSI
 		if (apimode == API_KSI)
 			showSigblkParamsKSI(name);
 #endif
 		break;
 	case MD_CONVERT:
 #ifdef ENABLEGT
 		if (apimode == API_GT)
 			convertFile(name);
 #endif
 #ifdef ENABLEKSI
 		if (apimode == API_KSI)
 			convertFileKSI(name);
 #endif
 		break;
 	case MD_VERIFY:
@ -843,6 +989,7 @@ processFile(char *name)
 static struct option long_options[] = 
 { 
 	{"help", no_argument, NULL, 'h'},
 	{"convert", no_argument, NULL, 'c'},
 	{"dump", no_argument, NULL, 'D'},
 	{"verbose", no_argument, NULL, 'v'},
 	{"debug", no_argument, NULL, 'd'},
@ -869,6 +1016,7 @@ rsgtutil_usage(void)
 			"\t-e, --extend \t\t\t Extends the RFC3161 signatures.\n"
 			"\t-B, --show-sigblock-params \t Show signature block parameters.\n"
 			"\t-T, --detect-file-type \t Show Type of signature file.\n"
 			"\t-c, --convert \t\t\t Convert Signature Format Version 10 to 11.\n"
 			"\t-V, --Version \t\t\t Print utility version\n"
 			"\t\tOptional parameters\n"
 			"\t-a <GT|KSI>, --api  <GT|KSI> \t Set which API to use.\n"
@ -888,7 +1036,7 @@ main(int argc, char *argv[])
 	int opt;
 	while(1) {
-		opt = getopt_long(argc, argv, "aBdDeHPstTvV", long_options, NULL);
+		opt = getopt_long(argc, argv, "aBcdDeHPstTvV", long_options, NULL);
 		if(opt == -1)
 			break;
 		switch(opt) {
@ -950,6 +1098,9 @@ main(int argc, char *argv[])
 		case 'e':
 			mode = MD_EXTEND;
 			break;
 		case 'c':
 			mode = MD_CONVERT;
 			break;
 		case 'h':
 		case '?':
 			rsgtutil_usage();