Prints the hash and signature when signing and verifying

Also, removes the existing prints of the hash to sign/verify.
AxisCommunications · Oct 9, 2024 · 7641d1d · 7641d1d
1 parent b83c823
commit 7641d1d
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 18 deletions.
diff --git a/lib/src/signed_video_h26x_auth.c b/lib/src/signed_video_h26x_auth.c
@@ -1021,13 +1021,6 @@ prepare_for_validation(signed_video_t *self)
 
     // If we have received a SEI there is a signature to use for verification.
     if (self->gop_state.has_sei) {
-#ifdef SIGNED_VIDEO_DEBUG
-      printf("Hash to verify against signature:\n");
-      for (size_t i = 0; i < verify_data->hash_size; i++) {
-        printf("%02x", verify_data->hash[i]);
-      }
-      printf("\n");
-#endif
       SV_THROW(openssl_verify_hash(verify_data, &self->gop_info->verified_signature_hash));
     }
 

diff --git a/lib/src/signed_video_h26x_common.c b/lib/src/signed_video_h26x_common.c
@@ -19,7 +19,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 #include <assert.h>  // assert
-#if defined(PRINT_DECODED_SEI)
+#if defined(SIGNED_VIDEO_DEBUG) || defined(PRINT_DECODED_SEI)
 #include <stdarg.h>  // va_list, va_start, va_arg, va_end
 #endif
 #include <stdbool.h>  // bool
@@ -724,7 +724,7 @@ copy_nalu_except_pointers(h26x_nalu_t *dst_nalu, const h26x_nalu_t *src_nalu)
 
 /* Helper function to public APIs */
 
-#if defined(PRINT_DECODED_SEI)
+#if defined(SIGNED_VIDEO_DEBUG) || defined(PRINT_DECODED_SEI)
 void
 sv_print_hex_data(const uint8_t *data, size_t data_size, const char *fmt, ...)
 {

diff --git a/lib/src/signed_video_h26x_sign.c b/lib/src/signed_video_h26x_sign.c
@@ -364,15 +364,7 @@ generate_sei_nalu(signed_video_t *self, uint8_t **payload, uint8_t **payload_sig
     // Reset the timestamp to avoid including a duplicate in the next SEI.
     gop_info->has_timestamp = false;
 
-#ifdef SIGNED_VIDEO_DEBUG
-    printf("Hash to sign:\n");
-    for (size_t i = 0; i < sign_data->hash_size; i++) {
-      printf("%02x", sign_data->hash[i]);
-    }
-    printf("\n");
-#endif
     SV_THROW(sv_signing_plugin_sign(self->plugin_handle, sign_data->hash, sign_data->hash_size));
-
   SV_CATCH()
   {
     DEBUG_LOG("Failed generating the SEI");

diff --git a/lib/src/signed_video_internal.h b/lib/src/signed_video_internal.h
@@ -279,7 +279,7 @@ free_and_reset_nalu_to_prepend_list(signed_video_t *signed_video);
 void
 free_sei_data_buffer(sei_data_t sei_data_buffer[]);
 
-#if defined(PRINT_DECODED_SEI)
+#if defined(SIGNED_VIDEO_DEBUG) || defined(PRINT_DECODED_SEI)
 /* Prints data in hex form, typically used for hashes and signatures. */
 void
 sv_print_hex_data(const uint8_t *data, size_t data_size, const char *fmt, ...);

diff --git a/lib/src/signed_video_openssl.c b/lib/src/signed_video_openssl.c
@@ -269,6 +269,10 @@ openssl_sign_hash(sign_or_verify_data_t *sign_data)
     // Set the actually written size of the signature. Depending on signing algorithm a shorter
     // signature may have been written.
     sign_data->signature_size = siglen;
+#ifdef SIGNED_VIDEO_DEBUG
+    sv_print_hex_data(hash_to_sign, hash_size, "SIGNING HASH\nhash: ");
+    sv_print_hex_data(signature, siglen, "signature (%zu B): ", siglen);
+#endif
   SV_CATCH()
   SV_DONE(status)
 
@@ -295,6 +299,11 @@ openssl_verify_hash(const sign_or_verify_data_t *verify_data, int *verified_resu
     SV_THROW_IF(!ctx, SV_INVALID_PARAMETER);
     // EVP_PKEY_verify returns 1 upon success, 0 upon failure and < 0 upon error.
     verified_hash = EVP_PKEY_verify(ctx, signature, signature_size, hash_to_verify, hash_size);
+#ifdef SIGNED_VIDEO_DEBUG
+    sv_print_hex_data(
+        hash_to_verify, hash_size, "VERIFYING HASH\nhash (verified as %d): ", verified_hash);
+    sv_print_hex_data(signature, signature_size, "signature (%zu B): ", signature_size);
+#endif
   SV_CATCH()
   SV_DONE(status)