Hello and problem detecting signed data files

by Jean-Claude Bauer

A little context:
        - downloaded and built on SUSE/Linux 10.3
        - make
        - make stestlib  (BTW created "testlib" as exec file, not stestlib)
        - execution of testlib: all tests successful (yeah)

I rewrote my code to skip the file reading and just use some local data
and tried to remove as much irrelevant material as possible:

--code------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include "./cryptlib.h"

/* Print the error type and locus attributes of a cryptlib object */
void printErrorAttributeInfo( const CRYPT_HANDLE cryptHandle )
        {
        int errorType, errorLocus;
        int status;

        status = cryptGetAttribute( cryptHandle, CRYPT_ATTRIBUTE_ERRORTYPE,
                                    &errorType );
        cryptGetAttribute( cryptHandle, CRYPT_ATTRIBUTE_ERRORLOCUS,
                           &errorLocus );
        if( cryptStatusOK( status ) && errorType != CRYPT_ERRTYPE_NONE )
                printf( "  Error info attributes report locus %d, type %d.\n",
                                errorLocus, errorType );
        }

/* Print the extended error code and message of a cryptlib object */
void printExtError( const CRYPT_HANDLE cryptHandle,
                    const char *functionName, const int functionStatus,
                    const int lineNo )
        {
        char errorMessage[ 512 ];
        int errorCode, errorMessageLength, status, msgStatus;

        printf( "%s failed with error code %d, line %d.\n", functionName,
                        functionStatus, lineNo );
        status = cryptGetAttribute( cryptHandle,
                                    CRYPT_ATTRIBUTE_INT_ERRORCODE,
                                    &errorCode );
        msgStatus = cryptGetAttributeString( cryptHandle,
                                    CRYPT_ATTRIBUTE_INT_ERRORMESSAGE,
                                    errorMessage, &errorMessageLength );
        if( cryptStatusError( status ) )
                {
                printf( "Read of error attributes failed with error code %d, "
                                "line %d.\n", status, __LINE__ );
                return;
                }
        if( !errorCode && cryptStatusError( msgStatus ) )
                {
                puts( "  No extended error information available." );
                printErrorAttributeInfo( cryptHandle );
                return;
                }
        if( errorCode )
                printf( "  Extended error code = %d (0x%X).\n", errorCode,
                                errorCode );
        if( cryptStatusOK( msgStatus ) )
                {
                errorMessage[ errorMessageLength ] = '\0';
                printf( "  Error message = %s'%s'.\n",
                                ( errorMessageLength > ( 80 - 21 ) ) ? "\n  " : "",
                                errorMessage );
                }
        else
                puts( "." );
        printErrorAttributeInfo( cryptHandle );
        }

void verifySignature()
{
   CRYPT_ENVELOPE cryptEnvelope;
   int bytesCopied;
   CRYPT_OBJECT_INFO cryptObjectInfo;
   CRYPT_ATTRIBUTE_TYPE requiredAttribute;
   CRYPT_USER cryptUser = CRYPT_UNUSED;
   void *message;
   int cryptlibReturnValue;
   int status;
   int value = -1;

   cryptlibReturnValue = cryptCreateEnvelope( &cryptEnvelope, cryptUser,
                                              CRYPT_FORMAT_CRYPTLIB );
   /* was AUTO format before => error BADDATA (-32) on push */
   if( cryptStatusError( cryptlibReturnValue ) ) {
      printf(" create envelope cryptlib error %d\n", cryptlibReturnValue);
      printExtError(cryptEnvelope,"cryptCreateEnvelope",cryptlibReturnValue,0);
      return;
   }  else printf("created the envelope...\n");

   cryptlibReturnValue = cryptPushData( cryptEnvelope,
                                        "What is going on here ?", 23,
                                        &bytesCopied );
   if( cryptStatusError( cryptlibReturnValue ) ) {
      printf("Pushed data into the envelope, code %d, bytes copied %d\n",
             cryptlibReturnValue,bytesCopied);
      printExtError(cryptEnvelope,"cryptPushData",cryptlibReturnValue,1);
      cryptDestroyEnvelope( cryptEnvelope );   /* release the envelope */
      return;
   }  else printf("pushed the data (%d bytes)...\n",bytesCopied);

   cryptlibReturnValue = cryptGetAttribute( cryptEnvelope,
                                            CRYPT_ATTRIBUTE_CURRENT,
                                            &requiredAttribute );
   if( cryptStatusError( cryptlibReturnValue ) ) {
      printf("Get current attribute from envelope, ret code %d, attribute %d\n",
             cryptlibReturnValue,requiredAttribute);
      printExtError(cryptEnvelope,"cryptGetAttribute",cryptlibReturnValue,2);
   } else printf("read the attributes...\n");

   cryptDestroyEnvelope( cryptEnvelope );      /* release the envelope */
}

int main( int argc, char **argv )
{
   int status;
   status = cryptInit();
   if( cryptStatusError( status ) ) {
      printf("cryptInit failed, code %d\n", status);
      return 1;
   }
   verifySignature();
   status = cryptEnd();
   return 0;
}
--/code----------------------------------------------------------------

Execution results:

created the envelope...
pushed the data (23 bytes)...
Get current attribute from envelope, ret code -2, attribute -1
cryptGetAttribute failed with error code -2, line 2.
Read of error attributes failed with error code -2, line 35.

Note that this example pushes garbage into the envelope so the results
could be normal. When I use a buffer into which I copy files though, I
get the same results - regardless if the file is actually a signed
object or not (example files in cryptlib/test/certs).

These results are the same whether linking static or shared or with/wo
threads.

Sorry about the ugly code (it's been a while).

best regards

jcb
--

Jean-Claude Bauer
ClearBUS - Responsable Technique

email: Jean-Claude.Bauer@...
tél: +33 (0)975 601 444

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Re: Hello and problem detecting signed data files

by Peter Gutmann

Jean-Claude Bauer <Jean-Claude.Bauer@...> writes:

>Note that this example pushes garbage into the envelope so the results could
>be normal.

If you're pushing garbage (and specifically in this case non-enveloped data)
then the results you give are exactly what should be expected.

>When I use a buffer into which I copy files though, I get the same results -
>regardless if the file is actually a signed object or not (example files in
>cryptlib/test/certs).

Without being able to see the code you're using, if you're getting exactly the
same results as you get from pushing garbage into the envelope then the
obvious conclusion would be that what's going into the envelope isn't valid
signed data.

Peter.


Hello and problem detecting signed data files

by Jean-Claude Bauer

Thanks for your response.

>> Note that this example pushes garbage into the envelope so the results could
>> be normal.
>
> If you're pushing garbage (and specifically in this case non-enveloped data)
> then the results you give are exactly what should be expected.

OK. I have to treat non-enveloped data also. I was looking for a clean
way to check this fact. Maybe what I'm looking for is something along
the lines of dumpasn.c which would tell at least if the data was in ASN
format.

>> When I use a buffer into which I copy files though, I get the same results -
>> regardless if the file is actually a signed object or not (example files in
>> cryptlib/test/certs).
>
Possibly the buffer I use needs to be bigger than the data in order to
leave some workspace ?

> Without being able to see the code you're using, if you're getting exactly the
> same results as you get from pushing garbage into the envelope then the
> obvious conclusion would be that what's going into the envelope isn't valid
> signed data.

Agreed! Maybe I am going about this in the wrong way, do I need to push
and then pop before checking any meaningful attributes ? I will gladly
send all my code, the previous was an attempt to isolate and simplify.

best regards,

Jean-Claude Bauer
ClearBUS - Responsable Technique

email: Jean-Claude.Bauer@...
tél: +33 (0)975 601 444
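
The format pre-check asked about in the message above (telling whether a buffer is ASN.1 at all before handing it to an envelope), as an added example that is not code from the thread's participants or from cryptlib. The names `classify_blob` and `blob_kind` are hypothetical; the check only inspects the leading bytes (outer SEQUENCE tag, a length that fits the buffer, the CMS signedData OID, or a PGP armor header) and leaves all signature processing to the library.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum blob_kind { BLOB_UNKNOWN, BLOB_ASN1, BLOB_CMS_SIGNED, BLOB_PGP_ARMOR };

/* Read a BER/DER length at p[*pos]; returns 0 on success, -1 if malformed. */
static int read_len(const unsigned char *p, size_t n, size_t *pos, size_t *len, int *indef)
{
    size_t k;
    unsigned char b;

    if (*pos >= n) return -1;
    b = p[(*pos)++];
    *indef = (b == 0x80);               /* BER indefinite length */
    *len = (b < 0x80) ? b : 0;          /* short form */
    if (b <= 0x80) return 0;
    k = b & 0x7F;                       /* long form: k length bytes follow */
    if (k > sizeof(size_t) || k > n - *pos) return -1;
    while (k--) *len = (*len << 8) | p[(*pos)++];
    return 0;
}

/* Triage only: says what the bytes look like, never whether a signature is valid. */
enum blob_kind classify_blob(const unsigned char *p, size_t n)
{
    static const unsigned char oid_signed[] =      /* OID 1.2.840.113549.1.7.2 */
        { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
    static const char armor[] = "-----BEGIN PGP ";
    size_t pos = 1, len;
    int indef;

    if (n >= sizeof armor - 1 && memcmp(p, armor, sizeof armor - 1) == 0)
        return BLOB_PGP_ARMOR;
    if (n < 2 || p[0] != 0x30)                      /* outer SEQUENCE tag */
        return BLOB_UNKNOWN;
    if (read_len(p, n, &pos, &len, &indef) != 0 || (!indef && len > n - pos))
        return BLOB_UNKNOWN;                        /* bad or overlong length */
    if (n - pos >= sizeof oid_signed && memcmp(p + pos, oid_signed, sizeof oid_signed) == 0)
        return BLOB_CMS_SIGNED;                     /* ContentInfo { signedData ... } */
    return BLOB_ASN1;
}

int main(void)
{
    /* Constructed samples: the thread's plain text and a minimal DER SEQUENCE. */
    printf("%d %d\n", classify_blob((const unsigned char *)"What is going on here ?", 23),
           classify_blob((const unsigned char *)"\x30\x03\x02\x01\x05", 5));
    return 0;
}
```

A `BLOB_ASN1` result covers certificates as well as other DER objects, so it distinguishes "not ASN.1 at all" from "ASN.1 of some kind" rather than identifying signed data.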


Hello and problem detecting signed data files

by Jean-Claude Bauer

Hello and good day,

I have temporarily resolved this issue. Originally I had been trying
to determine if a file was a signed object using cryptQueryObject. Since
it didn't seem to give good results I started the envelope business -
probably a big mistake ;-) I continued testing with files from
test/certs test/smime tests/pgp etc.

I decided to start all over again and build a signed object myself
using pgp. The other signed objects I had been using were an OpenOffice
writer-signed file and (I had hoped) the certificates of test/certs.

When I used my pgp signed file, and the function cryptQueryObject() I
get coherent results ! Hallelujah. Well, learned a few things, some days
are better than others.

best regards

Jean-Claude Bauer
ClearBUS - Responsable Technique

email: Jean-Claude.Bauer@...
tél: +33 (0)975 601 444
